alt Hacker NewsI paid other humans with security expertise to "soft audit" the program prior to release, which uncovered a variety of vulnerabilities which were patched.
It's a courtesy to the users, especially self-hosters.
I paid other humans with security expertise to "soft audit" the program prior to release, which uncovered a variety of vulnerabilities which were patched.
It's a courtesy to the users, especially self-hosters.
The report is kind of concerning to read, particularly having XSS in this kind of app. The report was not meant to be exhaustive and fixing those vulns isn't some kind of implicit tick of approval.