The Zenphoto team typically works in conjunction with the Security Community to ensure you, our users, can be confident in the environment we provide. The unfortunate nature of software is that bugs creep in. When some of those introduce security issues, we are grateful to the Security Community for pointing them out to us.
We take any report seriously
A typical scenario is that a researcher will discover a potential flaw. He will develop an example exploit to verify his hypothesis, and then he will send a report to us describing his analysis and including the example exploit. This is proper scientific methodology consisting of a hypothesis and an experiment to validate it. The two are really integral components. A hypothesis without an experiment is simply speculation without substantiation.
We receive the report, verify that the problem still exists, and if so attempt to speedily correct the issue. The correction will always go into the current support (...)