Extension depublished after falsely reporting a vulnerability.

[webgobe]

I asked the VEL team to check this. No automation on VEL part, and is a single volunteer handling this. So hopefully you have your questions answered.

[funcvar]

Thank you, Webgobe. I expect some progress on this issue. It's taking too long, but it's good to have hope.

[webgobe]

We (I mean, the JED team) also have some hope, that we will have success in trying to keep this thing alive. In mean time we're struggling with what we have and trying to solve as much as we can with the very limited manpower we have. Let's hope together then

[mandville]

it wont be in the VEL list as its showing as under investigation. I will put a note on your jed account about this.
have you got proof of your allegation over the reporter?

[funcvar]

I already provided you with evidence several months ago. I'll do it here too.

1. What the reporter provided is called "hack yourself." This can only be reproduced with access to the site's administrative panel. The same can be done with any Joomla extension, for example, com_content or a custom code module, or in any template where you can insert custom code. Thus, this vulnerability exists in almost any extension in the JED and in Joomla itself.

2. A person who writes on the topic of vulnerabilities and writes reports cannot but know such basic things, this is absurd. This means that there is a fact of malicious intent.

3. This report indicates that the reporter contacted me and had a conversation. In fact, no one contacted me.

4. To eliminate all insinuations on this issue, I made changes to my component several months ago, immediately after the start of this story.

I know for sure that the goal of the attack was to deal with the competitor and raise our own development in this category of JED. Unfortunately, I cannot provide evidence.

[mfleeson]

Unfortunately my issue is still not resolved. I wrote to Mark but didn't get a response. Alas... Thus, I became green with sadness...

Hi
I've been asked to look into this by the JED Team. I've checked my Joomla email and had nothing from you so my apologies if you think i've ignored your contact.
At the moment JED is showing three entries for your extension and none of them are listing any reviews. The system is so obsolete it's very silly.
I will logon to the server tomorrow and go into the mysql to try and find out what it thinks is going on with your extension. Unfortunately the way JED is written that means looking up in three tables to then cross link to four others and then a quick hop skip and jump into the reviews table as well so it might take some time.
The sooner we get help on the JED 4 system the sooner we can turn off JED 3.
Best Wishes
Mark
JED TL.

[funcvar]

Mark, hello!
I sent you a message through the form on this site in your profile. I was now glad to know that you didn’t see it... I wanted to take part in the working aspects of the development of JED. Now the time has passed, I got involved in a big project and am busy 14 hours a day. But in 4-6 months, I will be free. Then I can do something for the community if there is such a need. Perhaps these will be some tasks from you.

[webgobe]

We DESPERATEDLY need more hands on this JED project. Mainly on helping on developing the new JED4 - but not only. Period.

[funcvar]

It's the 9th month... The problem is not being solved. The scammer who attacked my work is very pleased.

[webgobe]

The news on this is that we have even less volunteers working on JED team as 9 months ago. Entire sections of JED work are orphaned, the remained "last of the mohicans" are each covering multiple roles - as they have some spare time to donate to the project. Those being said IMHO harassing the remaining ones is not the best tactic to help the problems being solved.
Maybe I am wrong by keep doing this... I probably would be better by dropping it and take a sabbatical year for myself instead of struggling to keep this thing alive.

[mandville]

is it this https://extensions.joomla.org/extension/quickform/ ? or another one being discussed?

[funcvar]

It is this extension that is being discussed. Soon it will be a year since its development has been stopped. I have no support requests and no part-time work.