Please find our statement on security in this document: https://www.openproject.org/docs/security-and-privacy/statement-on-security/
Security: opf/openproject
Security
SECURITY.md
-
Project identifier information leakage through robots.txtGHSA-xjfc-fqm3-95q8 published
Jun 1, 2023 by oliverguentherHigh -
User sessions not terminated after activation of 2FAGHSA-xfp9-qqfj-x28q published
May 2, 2023 by oliverguentherModerate -
SQL injection in OpenProject budgets reassignmentGHSA-f565-3whr-6m96 published
Dec 14, 2021 by oliverguentherHigh -
Host Header Injection in unproxied Docker installationsGHSA-r8f8-pgg2-2c26 published
Jul 20, 2021 by oliverguentherModerate -
Regular Expression Denial of Service in OpenProject forum messagesGHSA-qqvp-j6gm-q56f published
Jul 20, 2021 by oliverguentherModerate
Learn more about advisories related to opf/openproject in the GitHub Advisory Database