Critical Bubble Vulnerability (Terms of Service Violation) They Don't Seem To Care Enough About

@sam.morgan… is it worth unlisting this post at this point so it can only be accessed via a direct link?

2 Likes

My app for example doesn’t have any place for public file uploads; it’s all only for logged-in users. So maybe at least for that example you could specify “file uploads require login” and it closes this loophole app-wide. Just a thought, but I know that doesn’t apply to most apps.

I like @sam.morgan’s response much better than the initial email screenshot, so thank you for the reply.

2 Likes

Of course there’s something productive to be gained: It’s important for your customers to know that this is a security vulnerability that’s unfixed and has been unfixed for months.

2 Likes

@sam.morgan thanks for your reply; I do agree with @tylerboodman that your response was much better than the one I originally received. However, as it pertains to

I respectfully disagree. I gave your support rep ample opportunities and time to respond to, instead of dismissing, the security concerns. Bubble clearly lacks “a responsible disclosure process” if a known and industry-recognized security vulnerability has remained on your platform for so long.

2 Likes

This topic was automatically closed after 14 days. New replies are no longer allowed.