Security

If you’ve found a security issue in any Charcoal project, please don’t post it publicly (including in Charcoal HQ, our chatroom). Instead, email details of the vulnerability to [email protected], which is a mailing list that will reach the necessary people. They’ll have a look and confirm whether or not it’s a security issue, and deal with it appropriately.

If you’d like to encrypt your email, you can find our PGP key here: https://metasmoke.erwaysoftware.com/security-pubkey.txt

Acknowledgements

We’d like to extend special thanks to these people, who have helped us out by reporting security vulnerabilities to us.

teward - improper SQL dump sanitization and handling
NobodyNada - server memory dump disclosure
user12986714 - SQL injection vulnerability

Charcoal is not affiliated with or sponsored by Stack Exchange, Inc.
Security • Contact

Website Source • By j-f1, ArtOfCode-, iBug, angussidney, and 24 more

More gory details • Edit on GitHub • New Page