What Does A Security Release Notice Look Like?

Published: Thursday, 30 July 2015

One of the requirements to get your vulnerable extension marked as resolved is that you publish a security release announcement on your website. However we have noticed that developers often seem to have trouble with understanding what this means.

So what does it mean? We do not have a standard format for this, however we do ask that any reasonably...

Read more: What Does A Security Release Notice Look Like?

The Perils of the Default Settings

Published: Wednesday, 22 July 2015


Recently an issue was reported to the Vulnerable Extensions List team, which affected the blogging platform for Joomla, Easy Blog. After some thought we decided that it did not fall within the normal definition of a security issue that would merit listing on the VEL. It was reported to us by a site owner whose site had been hit by an...

Read more: The Perils of the Default Settings

Responsible disclosure

Published: Sunday, 19 April 2015

There has a been a lot of talk recently about responsible disclosure issues especially with new developers and glory seekers. The VEL team have its own responsible disclosure code, namely that we wont list any Proof of concept or samples. we will only give the bare minimum.. All we ask is...

Read more: Responsible disclosure