[Vtigercrm-developers] Roadmap and safety Vtiger & forks

Prasad prasad at vtiger.com
Fri May 13 10:36:28 GMT 2016 

Dear Błażej,

Any feedback received on security is prioritized on the criticality and
addressed immediately with a patch commit. You can report issues directly
to us or on code.vtiger.com

Regards,
Prasad

--
FB <http://www.facebook.com/vtiger> I Twit <http://twitter.com/vtigercrm> I
LIn <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
<https://blogs.vtiger.com> I Website <https://www.vtiger.com/>

On Fri, May 13, 2016 at 3:25 PM, Błażej Pabiszczak <
b.pabiszczak at yetiforce.com> wrote:

> Every now and then we send information about security errors, not only to
> Vtiger, but also to creators of Vtiger modules. In most of the cases, these
> changes aren't fixed. I don't understand why security is a taboo subject,
> and why nobody considers our comments [maybe we should report each of these
> cases publicly? Or maybe we should record a video on how to break into the
> OD version?] Any ideas?
>
> The code that is currently added to Vtiger is of low quality, and since
> releasing v6.0 nobody has been really dealing with the development as far
> as quality and security are considered. Unfortunately, we inherited a lot
> of code from Vtiger [it also applies to other forks – CoreBOS, VTE CRM].
> The majority of errors we point out are related to not clearing the
> variables, and storing useless old files full of holes. Let's see what the
> reaction to this post is, if you ignore it we won't publish info like that
> anymore, it's a waste of our time. Take into consideration that our
> system doesn't have many of the modules that are in Vtiger because we wrote
> them from scratch, so the link below is not a ready solution, it only
> points out part of the found errors. Vtiger
>
> Therefore I suggest making a contest – how long does it take for serious
> security errors to be fixed, and an update package to be released, after
> publishing the errors on this mailing list.
>
>    -
>    https://github.com/YetiForceCompany/YetiForceCRM/commit/4746cda904c88a26cce22194fb76f64d3df9893d
>
>
> ---
> Z poważaniem / Regards
>
> *Błażej Pabiszczak*
> *Chief Executive Officer*
> M: +48.884999123
> E: b.pabiszczak at yetiforce.com
>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20160513/babf2285/attachment.html>

More information about the vtigercrm-developers mailing list