SECURITY.md 641 字节

Security Policy

Supported Versions

Please use the latest release you can find in the CHANGELOG.md.

Reporting a Vulnerability

Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately. For example you can write me a email: lars@moelleken.org

Known vulnerabilities

Portable UTF-8 versions prior to 5.4.26 (released 2019-11-05) have an open redirect vulnerability. The Bootup::filterRequestUri() method used a unsecure header('Location ... implentation. And because it's most secure to not use this method at all, I decided to disable the function by default.