How do I report a security vulnerability with the Paratext registry?

Question

I may have discovered a security vulnerability with the Paratext registry. How do I report it? To whom do I report it?

I tried looking at https://paratext.org/.well-known/security.txt and https://paratext.org/security.txt , but they are empty or return 404 errors.

Answer 1

Hi @dhigby , that was not my intention. I was merely asking about the preferred way of reporting a discovered security vulnerability, if there was one.

Sometimes, security vulnerabilities are debatable, and not all reports are valid. Reports need to be made privately, to prevent disclosing the vulnerability to potential attackers. If the vulnerability is not fixed, responsible disclosure becomes public disclosure, so that users can take measures to protect themselves, if possible. This thread is not a public disclosure of a vulnerability.

Answer 2

Hi there, please report the apparent vulnerability to [Email Removed] and it will be investigated, thank you!

Answer 3

Thank you!

Comments

This post has succeeded in making a number of people nervous about their data

An update will set their minds at ease…