Exploit Reports & Security Vulnerability Reports Are PMed To Bug-Files

Reproduction Steps

  1. Navigate to: devforum.roblox.com/w/bug-report.

  2. Specify that the bug report represents an exploit or a security vulnerability.

  3. The report will be private messaged to the bug-files group.

I believe this is unintended behavior due to the description of the bug-files group.

“For privately sending crash dumps / logs from the game engine or Studio, linked to an existing bug report. PMs to this group should only contain attachments / download links and a link back to your original bug report, and not repro steps / other information (these should be present in your bug report).”

Let’s do a one-by-one comparison of each sentence.

“For privately sending crash dumps / logs from the game engine or Studio, linked to an existing bug report.”

We’re sending the report for the first time, and the group description explicitly states that it is meant for just privately sharing files to be associated with pre-existing reports.

“PMs to this group should only contain attachments / download links and a link back to your original bug report, and not repro steps / other information (these should be present in your bug report).”

We’re not just sending files/links relevant to a pre-existing, original report, we’re sending a whole new report for the first time ever which contains reproduction steps and other critical information relevant to the report.

Expected Behavior

This is ambiguous.

I can only assume that:

  • The report was meant to be directed to Exploit_Reports (highly likely) or Bug_Support (less likely)

  • The report should be sent to bug-files as it is now. However, if this is the case (if the experienced behavior is intended), then I would like to suggest a description update to the group so that it does not cause unnecessary worry and confusion to exploit and security vulnerability reporters such as myself, as the description does not state that the quoted conditions do not apply to exploit and security vulnerability reports being submitted to the group.

Actual Behavior

The report is private messaged to the bug-files group on the developer forum.

Issue Area: Roblox Website
Page URL: New Bug Report
Impact: Low
Frequency: Constantly
Date First Experienced: 2022-09-04 00:09:00 (+03:00)
Date Last Experienced: 2022-09-04 00:09:00 (+03:00)


On a side note, in the case that this is unintended behavior as I thought, I would like an administrator to view: Private Information - Security Vulnerability Report from MasterSapphireFrost - DevForum | Roblox as it was privately messaged to the bug-files group.
