|
|
|
|
|
|
by e12e
997 days ago
|
|
|
Nice that the post includes a timeline - but considering some of these issues (broken rng, brute force of otp) - it's deeply concerning that the issues won't be fixed? > August 7, 2023: We reported our findings to the caddy-security plugin maintainers. > August 23, 2023: The caddy-security plugin maintainers confirmed that there were no near-term plans to act on the reported vulnerabilities. |
|
|
Shows that reviewing dependencies is not optional. Hundreds of stars on GitHub is not a helpful data point, even if my own monkey brain says otherwise.