Recent changes to Security

Security modified by Dave Brondsema

Dave Brondsema — Fri, 09 Jan 2026 17:34:02 -0000

--- v45
+++ v46
@@ -24,6 +24,7 @@

 Once the bug has been fixed, we can provide public thanks and acknowledgment on this page:

+* Jan 2026 - [Mohamed Mahmoud](https://x.com/Mohamed87Khayat) - Information Disclosure
 * Sep 2025 - Fatima Batool Riaz - Rate limiting
 * Oct 2021 - [Ahmed Sherif](https://twitter.com/sherif_ninja) - SSRF vulnerability
 * Apr 2021 - [Sheikh Rishad](https://twitter.com/sheikhrishad0) - HTTP header vulnerability

Security modified by Dave Brondsema

Dave Brondsema — Tue, 11 Nov 2025 16:51:14 -0000

--- v44
+++ v45
@@ -24,6 +24,7 @@

 Once the bug has been fixed, we can provide public thanks and acknowledgment on this page:

+* Sep 2025 - Fatima Batool Riaz - Rate limiting
 * Oct 2021 - [Ahmed Sherif](https://twitter.com/sherif_ninja) - SSRF vulnerability
 * Apr 2021 - [Sheikh Rishad](https://twitter.com/sheikhrishad0) - HTTP header vulnerability
 * Oct 2020 - [Arman Hossain Antu](https://www.facebook.com/Emp3R0R.M44z/) - Email Security

Security modified by Dave Brondsema

Dave Brondsema — Wed, 23 Jul 2025 19:30:09 -0000

--- v43
+++ v44
@@ -19,8 +19,6 @@
 ## Contacting SourceForge with Security Vulnerabilities

 If you've verified a vulnerability, please contact us as soon as possible by emailing <security@sourceforge.net> with full details and information on how to reproduce the issue.
-
-You may PGP encrypt messages to key 80F0E373 (1E90 FD05 9A03 EDC1 4E36  0CD6 0D0F 051B 80F0 E373)

 ## Public Thanks and Acknowledgment

</security@sourceforge.net>

Security modified by Dave Brondsema

Dave Brondsema — Tue, 21 Jan 2025 19:57:18 -0000

--- v42
+++ v43
@@ -4,7 +4,7 @@

 ## Useful Information

-We cover security vulnerabilities for SourceForge provided services, for example, pages on the <https: sourceforge.net=""> website, the [Shell service](/p/forge/documentation/Shell%20Service/), and [File Release System downloads](/p/forge/documentation/forge/Files), etc.
+We cover security vulnerabilities for SourceForge provided services, for example, pages on the <https: sourceforge.net=""> website, the [Shell services](/p/forge/documentation/Shell%20Services/), and [File Release System downloads](/p/forge/documentation/forge/Files), etc.

 When sending in a report, whenever possible, please provide as much information as necessary to reproduce the issue. For example, the URL where the vulnerability is located, the input required, screenshots, web browser, operating systems tested, etc. Accurate information will help us track down and expedite resolving the issue.

</https:></https:>

Security modified by SourceForge Support

SourceForge Support — Fri, 22 Apr 2022 21:41:57 -0000

--- v41
+++ v42
@@ -1,4 +1,4 @@
-Have you found a security-related bug on SourceForge? Please review this document and [let us know](#contacting-sourceforge-with-security-vulnerabilities). We greatly appreciate security communities and those who disclose problems to us quickly so that we can take action. We provide [public thanks and acknowledgement](#public-thanks-and-acknowledgement) for verified reports.
+Have you found a security-related bug on SourceForge? Please review this document and [let us know](#contacting-sourceforge-with-security-vulnerabilities). We greatly appreciate security communities and those who disclose problems to us quickly so that we can take action. We provide [public thanks and acknowledgement](#public-thanks-and-acknowledgment) for verified reports.

 [TOC]

Security modified by SourceForge Support

SourceForge Support — Fri, 22 Apr 2022 21:40:34 -0000

--- v40
+++ v41
@@ -1,4 +1,4 @@
-Have you found a security related bug on SourceForge? Please review this document and [let us know](#contacting-sourceforge-with-security-vulnerabilities). We greatly appreciate security communities and those who disclose problems to us quickly so that we can take action. We provide [public thanks and acknowledgement](#public-thanks-and-acknowledgement) for verified reports.
+Have you found a security-related bug on SourceForge? Please review this document and [let us know](#contacting-sourceforge-with-security-vulnerabilities). We greatly appreciate security communities and those who disclose problems to us quickly so that we can take action. We provide [public thanks and acknowledgement](#public-thanks-and-acknowledgement) for verified reports.

 [TOC]

@@ -6,7 +6,7 @@

 We cover security vulnerabilities for SourceForge provided services, for example, pages on the <https: sourceforge.net=""> website, the [Shell service](/p/forge/documentation/Shell%20Service/), and [File Release System downloads](/p/forge/documentation/forge/Files), etc.

-When sending in a report, whenever possible, please provide as much information as necessary to reproduce the issue. For example, the URL where the vulnerability is located, the input required, screenshots, web browser and operating systems tested, etc. Accurate information will help us track down and expedite resolving the issue.
+When sending in a report, whenever possible, please provide as much information as necessary to reproduce the issue. For example, the URL where the vulnerability is located, the input required, screenshots, web browser, operating systems tested, etc. Accurate information will help us track down and expedite resolving the issue.

 ### Download Mirrors

@@ -22,9 +22,9 @@

 You may PGP encrypt messages to key 80F0E373 (1E90 FD05 9A03 EDC1 4E36  0CD6 0D0F 051B 80F0 E373)

-## Public Thanks and Acknowledgement
+## Public Thanks and Acknowledgment

-Once the bug has been fixed, we can provide public thanks and acknowledgement on this page:
+Once the bug has been fixed, we can provide public thanks and acknowledgment on this page:

 * Oct 2021 - [Ahmed Sherif](https://twitter.com/sherif_ninja) - SSRF vulnerability
 * Apr 2021 - [Sheikh Rishad](https://twitter.com/sheikhrishad0) - HTTP header vulnerability
</https:>

Security modified by Dave Brondsema

Dave Brondsema — Thu, 21 Oct 2021 14:34:03 -0000

--- v39
+++ v40
@@ -26,6 +26,7 @@

 Once the bug has been fixed, we can provide public thanks and acknowledgement on this page:

+* Oct 2021 - [Ahmed Sherif](https://twitter.com/sherif_ninja) - SSRF vulnerability
 * Apr 2021 - [Sheikh Rishad](https://twitter.com/sheikhrishad0) - HTTP header vulnerability
 * Oct 2020 - [Arman Hossain Antu](https://www.facebook.com/Emp3R0R.M44z/) - Email Security
 * Oct 2019 - [Dr. Jonathan Hood](http://www.hoodsecurity.com/) - Information Disclosure

Security modified by Dave Brondsema

Dave Brondsema — Wed, 05 May 2021 16:47:28 -0000

--- v38
+++ v39
@@ -26,6 +26,7 @@

 Once the bug has been fixed, we can provide public thanks and acknowledgement on this page:

+* Apr 2021 - [Sheikh Rishad](https://twitter.com/sheikhrishad0) - HTTP header vulnerability
 * Oct 2020 - [Arman Hossain Antu](https://www.facebook.com/Emp3R0R.M44z/) - Email Security
 * Oct 2019 - [Dr. Jonathan Hood](http://www.hoodsecurity.com/) - Information Disclosure
 * May 2017 - [Jolan Saluria](https://www.facebook.com/jlnslr) - Session Management

Security modified by Dave Brondsema

Dave Brondsema — Wed, 14 Oct 2020 20:28:56 -0000

--- v37
+++ v38
@@ -26,6 +26,7 @@

 Once the bug has been fixed, we can provide public thanks and acknowledgement on this page:

+* Oct 2020 - [Arman Hossain Antu](https://www.facebook.com/Emp3R0R.M44z/) - Email Security
 * Oct 2019 - [Dr. Jonathan Hood](http://www.hoodsecurity.com/) - Information Disclosure
 * May 2017 - [Jolan Saluria](https://www.facebook.com/jlnslr) - Session Management
 * Feb 2017 - [Yasin Soliman](https://twitter.com/SecurityYasin) - XSS vulnerability

Security modified by Dave Brondsema

Dave Brondsema — Tue, 01 Oct 2019 17:57:01 -0000

--- v36
+++ v37
@@ -26,6 +26,7 @@

 Once the bug has been fixed, we can provide public thanks and acknowledgement on this page:

+* Oct 2019 - [Dr. Jonathan Hood](http://www.hoodsecurity.com/) - Information Disclosure
 * May 2017 - [Jolan Saluria](https://www.facebook.com/jlnslr) - Session Management
 * Feb 2017 - [Yasin Soliman](https://twitter.com/SecurityYasin) - XSS vulnerability
 * Dec 2016 - [Suleman Malik](https://twitter.com/sulemanmalik_3) - Session Management