[csnover]

Sorry if I am just obtuse but I don’t see a timeline in the linked report on GitHub. All I can see is that you tested against a version of Teams from 2020-08-31. Being able to see the complete timeline of communication with MS from discovery to public disclosure is not necessary but would give a more complete picture of how this went down, and I’d like to see it too if it’s not such a hassle.

[oskarsv]

There is no timeline besides when I reported it and now minus 2wks. They never told me when the fix was deployed.

There is little value in going through the email chains to note each date:(. Final decision was made 2020-11-19

[politelemon]

Could you put that in the README, is what we're asking, as vague as it may be.

At the moment the 'has been fixed' is the only clue to this in terms of resolution, and it's tucked away; without it it looks like most of the README is attempting to capitalize on the shock/outrage factor.

Edit: Thanks, author has added some dates.

https://github.com/oskarsve/ms-teams-rce/commit/35eac619fdef...