[for new users] All security related issue to be aware currently #510
Comments
@jklingen Could you please pin this issue on the repo, I believe it is of utter importance that new users are aware of the state of this project.
@AkechiShiro Thanks for the summary. Just a short notice for now: I agree that our communication on these things could be better, we'll work on this. Please understand that we're still doing all of this in our little spare time, so often things take longer than we'd like. btw: AFAIK both issues you mentioned are fixed in the latest 1.3 (unstable) release.
Thanks for admitting this failure, I can totally understand. Good luck, maintaining open source software is one of the hard and difficult things when done during spare time; everyone uses it to run the world, but sometimes there are too few contributors.
My company just disallowed the use of Greenshot and I am devastated. I have used this software for 10 years now and I don't want to learn other tools. This is a direct result of the security vulnerabilities that haven't been solved for. I asked some colleagues at my former place of work (10k employees) and they had done the same. Sad day.
Describe the bug
No clear announcement of security fixes for
To Reproduce
Example steps to reproduce the behavior (a few scripts for script kiddies are available):
Expected behavior
Vulnerabilities shouldn't be left unanswered and silently fixed in releases. This sets a very bad example of how to actually handle security issues; fixing them "silently" doesn't help at all.
Also I strongly suggest a security policy be added here to clearly indicate to whom/how and where security issues should be reported.
If that's too much to ask, then update this FAQ: https://getgreenshot.org/faq/is-greenshot-clean/ and add that CVE/Security issues are not a priority for Greenshot, be transparent at least, that would be hugely helpful.
This software is probably the best for screenshots, sadly the handling of security vulnerabilities isn't great.
Versions (please complete the following information):
Additional context
EDIT (Add Workaround Software recommended)
Workaround software recommended :