Eight years of the GitHub Security Bug Bounty program
It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021! ⌘ Read more
ProcessOne: ejabberd 22.05
A new ejabberd release is finally here! ejabberd 22.05 includes five months of work, 200 commits, including many improvements (MQTT, MUC, PubSub, …) and bug fixes.
- Improved MQTT, MUC, and ConverseJS integration
- New installers and container
- Support Erlang/OTP 25
When upgrading from the previous version please notice: there are minor changes in SQL schemas, the included rebar and rebar3 binaries require Erlang/OTP 22 or higher, and make rel uses different paths. There are no break … ⌘ Read more
Maxime Buquet: Updates from the Poezio ecosystem
Releases have happened recently that revolve around Poezio, a TUI
(Terminal UI) client for XMPP, including Poezio itself, its backend XMPP
library Slixmpp, and also the poezio and
slixmpp plugins for OMEMO.

We have been to implement OX in profanity. OX is
XEP-0374: OpenPGP for XMPP Instant Messaging which
may replace XEP-0027: Current Jabber OpenPGP Usage.
It is part of Profanity since version 0.10 but got some fixes since then.
Feel free to try and test the implementation. Let us know, if you have some
issues and support the development via testing and reporting bugs.
Ho … ⌘ Read more
Prosodical Thoughts: Prosody 0.12.0 released
ÄNTLIGEN! It’s finally here! After 3 years of development and through some chaotic times, Prosody 0.12.0 is released!
What’s the significance of this release? Like many software projects, Prosody follows a “branch” development/release model. We frequently make minor releases with bug fixes and improvements from our stable branch, while we implement more adventurous changes in our development branch, ready for the next major release.
Well, this is one of those adventurous … ⌘ Read more
Ignite Realtime Blog: Openfire 4.7.1 Released!
The Ignite Realtime Community is happy to announce the 4.7.1 release of Openfire. This release fixes a number of bugs and represents our effort to provide a stable 4.7.x series while work continues on the next feature release of Openfire.
Notable fixes include security updates to bundled database drivers, logging configuration fixes, and an important fix for users experiencin … ⌘ Read more
Ignite Realtime Blog: Openfire 4.7.0 has been released!
The Ignite Realtime Community is elated to be able to announce the release of Openfire version 4.7.0!
This release is the first non-patch release in more than a year, which brings a healthy amount of new features, as well as bug fixes.
I’d like to explicitly thank the many people in the community that have supported this release: not only were a significant amount of code contributions provided, the feedback that we get in our [chatr … ⌘ Read more
Not enough tests
GoBlog’s test coverage is increasing (currently about 41%), but I keep being reminded there is nothing like enough or even too many tests. I still find some stupid bugs that aren’t covered by automatic tests. ⌘ Read more
ProcessOne: ejabberd 21.12
This new ejabberd 21.12 release comes after five months of work, contains more than one hundred changes, many of them are major improvements or features, and several bug fixes.
When upgrading from previous versions, please notice: there’s a change in mod_register_web behaviour, and PostgreSQL database, please take a look if they affect your installation.
A more detailed expla … ⌘ Read more
Ignite Realtime Blog: Openfire 4.7.0 beta & Hazelcast plugin 2.6.0 releases!
After a long few months full of hard work, we are happy to tell you that we are close to a 4.7.0 release for Openfire!
This next version of our real time communications server has received a lot of improvements and bug fixes.
A key area of the code that has received updates is the Multi-User Chat (MUC) impl … ⌘ Read more
How to squash bugs by enrolling in OSS-Fuzz
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project. ⌘ Read more
Mark emails me all the time with bugs he found in GoBlog (some that I would never have found myself) and features he would like to see (e.g. better display of Brid.gy webmentions). I take it as motivation and try to improve GoBlog in a way that it is useful for others as well. And I think there is a good progress. ⌘ Read more
Three rules of bug fixing for better OSS security
When you’re fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants. ⌘ Read more
Funny bug in LG TV: last Saturday I scheduled some film from yesterday for recording. Actual recording yesterday started 1 hour late. Looks like although TV knows actual time perfectly well it was not capable to “translate” schedule from CEST to CET.
@movq@www.uninformativ.de Today I had unexpected old twts after jenny -f. Have now jenny’s cache under revision control, automatically committing changes after each fetch. Let’s see if this helps finding a (possible) bug.
Game Off 2021 theme announcement
The theme for this year’s Game Off is… …BUG! Your challenge, should you choose to accept it, is to create a game between now and December 1 incorporating the theme somehow, and submit it to ⌘ Read more
Ignite Realtime Blog: Smack 4.4.4 released
We are happy to announce the release of Smack 4.4.4. Thanks to numerous contributors this patch level release includes many fixes and improvements. I’d like to especially thank the folks from Jitsi, namely Boris Grozev, Damian Minkov, Ingo Bauersachs, and Jonathan Lennox, who tracked down multiple bugs, including a nasty concurrency bug. Furthermore, thanks to Ingo, Smack and its important dependencies [jxmpp](https://github.com/ign … ⌘ Read more
@lyse@lyse.isobeef.org I’m seeing your response as reply to #p522joq, where it doesn’t seem to belong to. Did this happen by accident or is there a bug hiding somewhere?
@prologic@twtxt.net I’m seeing your response as reply to #p522joq, where it doesn’t seem to belong to. Did this happen by accident or is there a bug hiding somewhere?
Cybersecurity spotlight on bug bounty researcher @yvvdwf
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program: @yvvdwf ⌘ Read more
Ignite Realtime Blog: Push Notification Openfire plugin 0.9.0 released
I’m happy to be able to announce that we’ve released version 0.9.0 of the Push Notifications plugin for Openfire!
This version does not bring new functionality. It does fix a bug that older versions of this plugin had, when running on Openfire 4.6.4 or later.
For other release announcements and news follow us on Twitter
… ⌘ Read more
Oof! I found a bug on Yarn’s Markdown rendering, @prologic@twtxt.net. See OP.
@quark@ferengi.one Pinging @movq@www.uninformativ.de, in case it is a bug.
Gajim: Gajim 1.3.3
This release features improved Ad-Hoc Commands and brings back spell checking. Gajim 1.3.3 includes many bug fixes and improvements. Thanks everyone for reporting issues!
The Ad-Hoc Commands window has been ported to Gajim’s new Assistant. This unifies the look and feel with other actions using an Assistant and it also fixes some issues.
More Changes
New
- Profile: A NOTE entry has been added
- API JID for search.jab … ⌘ Read more
Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program. ⌘ Read more
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist. ⌘ Read more
Highlights from Git 2.33
The open source Git project just released Git 2.33 with features and bug fixes from over 74 contributors, 19 of them new. We last caught up with you on the latest in Git when 2.31 ⌘ Read more
It did! And I fixed the bug last night. And now I’m curious how your pod deals with spam. 👆🏼
My kid just uncovered a bug in a program I wrote by grabbing my laptop and smacking the keyboard a bunch. Biological input fuzzing; a real-life chaos monkey.
Seven years of the GitHub Security Bug Bounty program ⌘ Read more…
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug ⌘ Read more…
Fixed another bug in my finger client: rfc1288 says lines have to end with crlf, but I was just sending lf.
Fixed a bug. Found a new bug in yesterday’s work. Fixed that bug.
@prologic@twtxt.net @jlj@twt.nfld.uk @movq@www.uninformativ.de
/p/tmp > git clone https://www.uninformativ.de/git/lariza.git Mon May 24 23:48:18 2021
Cloning into 'lariza'...
/p/tmp > tree lariza/ 12.5s Mon May 24 23:48:32 2021
lariza/
├── BUGS
├── CHANGES
├── LICENSE
├── Makefile
├── PATCHES
├── README
├── browser.c
├── man1
│ ├── lariza.1
│ └── lariza.usage.1
├── user-scripts
│ └── hints.js
└── we_adblock.c
2 directories, 11 files
Unrelated: my first response shows a rendering bug on your site: it’s dropping a backslash. Hard to mix markdown and genuine plain text.
GitHub security update: A bug related to handling of authenticated sessions ⌘ Read more…
@prologic@twtxt.net Bug in your profile links: it’s repeating a segment. For example, your face tries to get to https://twtxt.net/user/https://twtxt.net/user/prologic/twtxt.txt
The little bug that couldn’t: Securing OpenSSL ⌘ Read more…
@xuu@txt.sour.is @prologic@twtxt.net @thewismit@twtxt.psynergy.io ah.. probably a bug with the re parser. looks like i can do it without the <>’s with lex
Crazy behavior of Xfce Note CPU Usage, bug going back to 2012 and still happening in 2020 ⌘ https://blog.rmendes.net/2020/crazy-behavior-of-xfce-note-cpu-usage-bug-going-back
Aditya Borikar: Chapter 9: Bug Fixation ⌘ https://adiaholic.github.io/gsoc2020/2020/07/19/Chapter-9-Fixing-Bugs.html
@lucidiot@tilde.town, thanks for the bug report. Does anybody have an idea for https://github.com/mdom/txtnish/issues/12?
Hackers hijack thousands of Chromecasts to warn of latest security bug – TechCrunch https://techcrunch.com/2019/01/02/chromecast-bug-hackers-havoc/
Am I the only one who thought the Bumblebee trailer was a trailer for a gritty remake of Herbie the Love Bug?
Bad idea of the day: a social network where post literally fade because the contrast is computed with the inverse of time. A spinoff where bugs slowly eat away at posts.
Supermicro boards were so bug ridden, why would hackers ever need implants? | Ars Technica https://arstechnica.com/information-technology/2018/10/supermicro-boards-were-so-bug-ridden-why-would-hackers-ever-need-implants/