Hi all! I'm in the process of evaluating JForum for security issues. The goal is to find any outstanding security defects and submit patches back to the JForum team. My motivation for finding these issues is so my project at http://opensource.fortifysoftware.com can use JForum as the backend forums without having to worry about additional attacks (since it's a security-focused project, all of the software running the site is under additional scrutiny).
It is much easier to perform this type of security review with help from the developers. If you know the JForum code base, please go to http://opensource.fortifysoftware.com and register to help! We've already found a few issues that have given us some concern. It'd be great to get a second opinion.
For background information, the project is the Java Open Review project. The project is reviewing open source components for potential software security issues and code quality issues. If you're not interested in helping JForum, there might be other projects that you can help with, or you can submit your own.
PM me if you have any additional questions.
[originally posted on jforum.net by openreview]