Coverage for templates/security.html: 100%
69 statements
coverage.py v7.6.9, created at 2024-12-26 00:11 +0000
{% extends 'base.html' %}
{% load i18n %}
{% load static %}
{% load bootstrap4 %}

{% block title %}{% trans 'federated avatar hosting service' %}{% endblock %}

{% block content %}
<style media="screen">
  .container, p {
    font-size:16px;
  }
</style>
<h4>Reporting security bugs</h4>

If you discover a security issue in ivatar, please report it to us privately so
that we can push a fix to the main service before disclosing the problem
publicly. We will credit you publicly (unless you don't want us to) with this
discovery.
<p></p>
The best way to do that is to file a security bug on our
<a href="https://git.linux-kernel.at/oliver/ivatar/issues/new"
  title="https://git.linux-kernel.at/oliver/ivatar/issues/new" target="_new">
  bug tracker
</a>. Make sure you change the bug visibility (see "This issue is confidential
and should only be visible to team members with at least Reporter access") and
set the 'Security' label.
<p></p>
Alternatively, you can talk to us at
<a href="mailto:security@libravatar.org"
  title="mailto:security@libravatar.org">
  security@libravatar.org
</a>.
<br/>
We will do our best to respond to you within 24-48 hours.
<br/>
Also, please let us know if you are under any kind of publication deadline.
<p></p>

<h4 style="margin-top: 2rem;">Security Hall of fame</h4>

We would like to thank the following people who have helped make
ivatar/Libravatar more secure by reporting security issues to us.

<ul>
  <li>Ahmed Adel Abdelfattah (
    <a href="https://twitter.com/00SystemError00"
      title="https://twitter.com/00SystemError00" target="_new">@00SystemError00</a>):
    improvement to mail configuration on <code>libravatar.org</code> and
    <code>libravatar.com</code></li>
  <li>
    <a href="https://www.facebook.com/BugHunterID"
      title="https://www.facebook.com/BugHunterID" target="_new">
      Putra Adhari</a>:
    <a href="https://bugs.launchpad.net/libravatar/+bug/1808720"
      title="https://bugs.launchpad.net/libravatar/+bug/1808720" target="_new">
      server-side request forgery</a> in OpenID support</li>
  <li>
    <a href="https://www.linkedin.com/in/naharronak/"
      title="https://www.linkedin.com/in/naharronak/" target="_new">
      Ronak Nahar</a>:
    Spotted and reported open server status from Apache HTTPD.</li>
  <li>
    <a href="https://daniel.priv.no/"
      title="https://daniel.priv.no/" target="_new">
      Daniel Aleksandersen</a>:
    Spotted and reported an open redirect vulnerability, as described in <a href="https://cwe.mitre.org/data/definitions/601.html" target="_new">CWE-601</a>.</li>
  <li>
    MR_NETWORK &amp; Farzan ʷᵒⁿᵈᵉʳ:
    Spotted a problematic use of SECRET_KEY in the production environment. Many thanks for reporting it to us!</li>

</ul>

<div style="height:40px"></div>

{% endblock %}