Alleged security issues in Zoph 0.9

24 Jun 2012 by jeroen

Yesterday, I released Zoph v0.9. Today, I did what I always do the day after a new release, searching Google for "zoph 0.9" to see if there are any reactions to it. To my surprise, I found someone claiming to have found some security issues in Zoph 0.9pre2.

Searching a little more, I found that this accusation had been taken over by several sites, but I was never informed. I am a big fan of "Full Disclosure"; however, Full Disclosure also means that the person who finds the problem first reports it to the author, giving him a reasonable time to fix it, and fully discloses it after the fix has been published. In this case, I have not been informed at all.

Of course, I immediately tested the alleged vulnerabilities against Zoph, and none of them work. Some "Proof of Concept" scripts even contained mistakes that caused the script not to work at all, and even after fixing these mistakes, they did not work. Moreover, I tested the scripts while logged in to Zoph as an admin user, and even then they did not work.

In short, these so-called security issues are only a pathetic attempt to get some attention. Unfortunately, many sites just copy this information without checking.

If you do find a real security problem in Zoph, please contact me so that we can work together to fix the problem, and I will (of course) give you credit for finding it.