PBS Professional security updates are primarily made available as minor version patches. We recommend using the latest minor version available, as it will likely also contain other non-security-related fixes. All known critical and high security issues are always fixed in the next major release, when it comes out.
List of Security Vulnerabilities
Each vulnerability entry lists the major releases that are affected and the versions where it was resolved. If the vulnerability was exploitable without a valid login, this is also stated. We will also classify the vulnerability, but we urge all users to read the description to determine whether the bug affects their specific installation. The following table lists all known security issues and their status. Please note that this table starts at PBS Professional version 14.
(If the above table is empty, no vulnerabilities have been reported.)
Reporting a Security Vulnerability
To report a new security vulnerability, please file a ticket at http://pbspro.atlassian.net/.
Responding to a Security Vulnerability
- The community is notified of the vulnerability by a ticket being filed
- Once the severity has been determined, the community will:
  - Create a sub-page of this page, containing a description of the vulnerability
  - Communicate on the description page
  - Post findings on the pbspro.org forum
  - Send a notice to CERT (CVE bulletin) if the severity of the vulnerability is deemed critical
- Patches for the current and previous versions may be released
Describing a Security Vulnerability
When describing a security vulnerability, please include the following information:
- Description of the Vulnerability
- Severity Rating
- Affected Software
- Schedule of Availability of Update
- Security Update
- Instructions to Obtain Update