UsingWW: How to report a security/stability issue

WeBWorK Main Forum

How to report a security/stability issue

This forum has a limit to the number of forum postings you can make in a given time period - this is currently set at 10 posting(s) in 1 day

Hello,

I've learned of a security/stability issue impacting the perl daemon part of Webwork. It would be a bad option to report it publicly on Github where potentially any remote and unauthenticated hacker can learn of the method to take down our webwork sites.

Is there a more confidential way to report a security/stability issue?

Re: How to report a security/stability issue

by Glenn Rice - Monday, 31 March 2025, 3:06 PM

You can email any of the developers directly. You can find my email address on GitHub if you want to email me.

Re: How to report a security/stability issue

by frank picabia - Thursday, 3 April 2025, 7:59 AM

Thanks for the help and testing.

In case anyone else was wondering what this was, it was a false alarm. The kern.log revealed the oom-killer (out of memory killer) was invoked by the kernel. It had shut down the webwork2 service to save the system when memory was low. The thing it needed was either more memory or reducing workers in conf/webwork2.mojolicious.yml from the default of 25.