Links to the CVEs mentioned in the teaser image:
3 Likes
I just want code with a lot fewer defects, please. Looks like three critical vulns in the last month. Is that meeting acceptable metrics?
Agreed! Will keep trying – thank you for the support.
Regarding qualitative severity rating scale, there was one Critical and two High vulnerabilities fixed recently:
Some of the affected code was over a decade old, as mentioned in the first paragraph of the blog post.
@FreerPBXer that’s the goal - we’re working hard on it.
Hoping to see an improvement. This isn’t that.
That post was replied to in that topic about 12 hours later:
Happy to address any further concerns you may have about that topic in that topic.
Mentioning that topic here is an illustration cogent to this topic, and in direct response to “that’s the goal - we’re working hard on it”.
Here’s the current list of published GitHub Security Advisories for the FreePBX project, demonstrating that “we’re working hard on it”:
