Details
I was recently hit by a DoS attack on my Phabricator instance[1] and wanted to report my findings, since I believe the vulnerability can be exploited in Phorge instances as well.
Is there any way to report this privately instead of doing it in Ponder publicly? Maybe I can set the "Visible To" option to "Trusted Contributors" in this thread?
[1]: I didn't migrate to Phorge, unfortunately (though I've been following this project closely), since I stopped using my personal instance and didn't maintain it anymore... I know, I should have!
Answers
If you believe that it could have security implications, then IMO it's probably worth opening a security report about it using https://we.phorge.it/maniphest/task/edit/form/1/.
(Opening security issues using that form is currently restricted to members of Trusted Contributors — judging by the responses to Q177: Should it be easier for non-community-members to submit security reports?, that restriction should probably be removed; but for now I've added you to that group so you should hopefully be able to use that form.)