Difference between revisions of "Security Advisory"

From Snowblossom Wiki
Jump to: navigation, search
 
(4 intermediate revisions by the same user not shown)
Line 9: Line 9:
 
!Description
 
!Description
 
|-
 
|-
|SA-1
+
|[[Security/SA-1|SA-1]]
 
|2020.10.30
 
|2020.10.30
 
|All
 
|All
|minor
+
|none
 
|ECDSA signing uses SHA1 hash for signatures
 
|ECDSA signing uses SHA1 hash for signatures
 
|}
 
|}
 +
 +
== Reviews ==
 +
 +
Security Reviews are for when the development team analysis a potential issue and reports on it.  If some action needed to be taken, it would be an advisory instead.  So reviews show that something was considered and then determined to be a non-issue for Snowblossom.
 +
 +
{| class="wikitable"
 +
!ID
 +
!Date
 +
!Versions
 +
!Severity
 +
!Description
 +
|-
 +
|[[Security/SR-1|SR-1]]
 +
|2022.04.20
 +
|All
 +
|none
 +
|Review of CVE-2022-21449: Psychic Signatures in Java
 +
|}
 +
 +
== Reports ==
 +
 +
If you know or suspect any security issues, please report them via:
 +
 +
* Email: security@snowblossom.org
 +
* Discord: fireduck#6402
 +
* Slack: Fireduck
 +
 +
[https://securitytxt.org/ rfc9116] security file: [https://snowblossom.org/.well-known/security.txt security.txt]

Latest revision as of 18:01, 29 June 2022

Advisories

ID Date Versions Severity Description
SA-1 2020.10.30 All none ECDSA signing uses SHA1 hash for signatures

Reviews

Security Reviews are for when the development team analysis a potential issue and reports on it. If some action needed to be taken, it would be an advisory instead. So reviews show that something was considered and then determined to be a non-issue for Snowblossom.

ID Date Versions Severity Description
SR-1 2022.04.20 All none Review of CVE-2022-21449: Psychic Signatures in Java

Reports

If you know or suspect any security issues, please report them via:

  • Email: security@snowblossom.org
  • Discord: fireduck#6402
  • Slack: Fireduck

rfc9116 security file: security.txt