Updated Security Disclosure (markdown)

Lauri Ojansivu 2018-03-10 02:37:10 +02:00
parent 2092584582
commit bd2c161ebd

@ -65,7 +65,7 @@ Any typical web security bugs. If any of the previously mentioned is somehow pro
Typical already known or "no impact" bugs such as:
- Brute force password guessing
- Brute force password guessing. AFAIK currently there is no brute force limitations in number of guesses for logins and API, pull requests welcome.
- Security issues related to that Wekan uses Meteor 1.6.0.1 related packages, and upgrading to newer Meteor 1.6.1 is complicated process that requires lots of changes to many dependency packages. Upgrading [has been tried many times, spending a lot of time](https://github.com/meteor/meteor/issues/9609) but there still is issues. Helping with package upgrades is very welcome.
- [Wekan API old tokens not replaced correctly](https://github.com/wekan/wekan/issues/1437)
- Missing Cookie flags on non-session cookies or 3rd party cookies
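Review bot: the reworded brute force bullet hedges with "AFAIK" and reads "there is no brute force limitations", so a reporter cannot tell whether the absence of guess limits on logins and the API is confirmed or only assumed. Suggest stating it plainly, for example "There is currently no limit on the number of guesses for logins or the API; pull requests welcome", and linking a tracking issue the way the "Wekan API old tokens not replaced correctly" bullet does, so the gap is documented as a known open item and contributors have a place to send the fix.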