Parse-server: --- REDACTED ---
--- REDACTED ---
charleskoehl
All 13 comments
Confirmed, I can reproduce this.
I also tested it on an empty class and a class with objects in it. The bug happens in both cases.
-- REDACTED --
milesrichardson
on 1 Dec 2017
Can you provide the server logs when running with VERBOSE=1?
flovilmart
on 1 Dec 2017
I believe I found the root cause, and will provide a fix in the next hour
flovilmart
on 1 Dec 2017
@charleskoehl I'm gonna close this issue now.
I want to take a minute to let you know that issues that may affect security should be privately reported. As mentioned by @milesrichardson everyone now knows the issue, and is able to target the servers.
flovilmart
on 1 Dec 2017
I've cleaned up the conversation, unfortunately github keeps a tail of events with the changes.
flovilmart
on 1 Dec 2017
fwiw I can only see that you deleted the comment, can't see the old contents. Maybe you can because you're admin
milesrichardson
on 1 Dec 2017
I'm very sorry for that; I'm sort of a noob in the open source community despite having coded since 1982.
charleskoehl
on 1 Dec 2017
No worry @charleskoehl, mistakes happen. That made me realize we don't have a security 'hotline' / email.
flovilmart
on 1 Dec 2017
I'm just curious... is there a published confidential disclosure procedure? An email address? Maybe a PGP key?
nbering
on 1 Dec 2017
We should put that in place sooner than later. I鈥檒l do it before Monday, with a public pgp key!
flovilmart
on 1 Dec 2017
We should also add a notice for responsible disclosures in the the issue/PR template.
montymxb
on 2 Dec 2017
Yes, in the issue template, .org domains, and all README鈥檚
flovilmart
on 2 Dec 2017
Perhaps this could help clean things up more:
charleskoehl
on 2 Dec 2017
Related issues
dpaid
路
3Comments
carjo422
路
3Comments
ViolentCrumble
路
3Comments
jaydeep82
路
4Comments
LtrDan
路
4Comments
Most helpful comment
We should put that in place sooner than later. I鈥檒l do it before Monday, with a public pgp key!