
Unpatched security vulnerabilities in Activiti

dfj
Champ in-the-making
Hi All

One of my colleagues recently discovered two security vulnerabilities in Activiti, but was unable to get a response from Alfresco and posted details on the oss-security list:

http://www.openwall.com/lists/oss-security/2016/04/29/2

I am making this post in the hope that someone in the development community would be interested in resolving these vulnerabilities. I can provide more specific details privately; I do not wish to make end users more vulnerable by posting exploits publicly.

Thanks
David Jorm
3 REPLIES

jbarrez
Star Contributor
Hi David, who did you contact on the Alfresco side? I haven't seen anything coming in …

bscarvell
Champ in-the-making
Hey there,

I made several attempts using the Alfresco contact form reaching out for someone to contact me privately so I could forward on the security details. I received a number of confirmation emails, but nobody ever responded to the emails.

Thanks,

Brendan

paulhh1
Champ in-the-making
Hi Brendan,

Thanks for letting us know. I can only assume that someone assumed that, as Activiti Explorer is not supported in the Enterprise version, this would be dealt with through Community channels. I will investigate to understand where the lapse came, as the Activiti team are very committed to the Activiti Community and would not want to expose anyone to security risks.

Best regards
Paul.