Hello everyone!
Part of our NLnet funding was a Security Quick Scan. This is done now and we have received the report. There are some issues to be addressed, and we have already planned their fixes for an upcoming release.
We are planning a responsible disclosure for the issues found. Let me explain this a bit: every admin of any instance should be aware of the security issues found, but if we publish the report without shipping fixes, everyone is eventually able to exploit these problems. So we plan to fix all the problems as soon as possible and to publish the report at the end of August, which is a 90-day period and quite common.
If you have any feedback or questions, please get in touch. I'll keep you posted as soon as there is any news.
This post is a copy from Loomio