VINCE icon indicating copy to clipboard operation
VINCE copied to clipboard
verified publisher icon CERTCC

"Private message coordinators" stuck in sending

Open ubremer1234 opened this issue 6 months ago • 6 comments

Describe the bug When on a case page like the below it's not possible to use the "private message" function as the messages can't be sent

To Reproduce Steps to reproduce the behavior:

  1. Go to https://kb.cert.org/vince/comm/case/2467/
  2. Click on 'Private Message Coordinators'
  3. Put message in the content field and click "Send" button
  4. no error, but the button only changes to "sending" and then nothing more happens

Expected behavior Messages is being sent and the UI reflects that (given that I haven't received a response after several weeks, I think it's safe to assume this is not a display issue of the UI, but the message really isn't sent.

Platform details several users tried Windows and Mac, Safari, FF, Edge, Brave, ...

ubremer1234 avatar Jul 22 '25 14:07 ubremer1234

Hi @ubremer1234

Thank you for reporting this issue. Our investigation so far suggests that the "Private Message" tool failed for you earlier today because the application was unable to process an attachment that you wanted to include with your message. To help our diagnosis, it will be useful to know whatever you are able to tell us about that attachment (file type, size, etc.). And--if this works for what you need to communicate with the coordinators--you can try sending the message without the attachment.

SEI-gstrom avatar Jul 22 '25 17:07 SEI-gstrom

I never tried to attach anything ...

ubremer1234 avatar Jul 23 '25 05:07 ubremer1234

In this Case the problem seems to be the Title field of this Vulnerability Case is too long. When creating a new Thread for Discussion, the subject field includes the full Title field of the Case which is limited too 150 characters. So it failed in line below

https://github.com/CERTCC/VINCE/blob/c55d9c9da3e60762bd496ab1c0758687886ab451/vinny/models.py#L1556-L1558

TacePath is

https://github.com/CERTCC/VINCE/blob/c55d9c9da3e60762bd496ab1c0758687886ab451/vinny/forms.py#L376-L379

to

https://github.com/CERTCC/VINCE/blob/c55d9c9da3e60762bd496ab1c0758687886ab451/vinny/forms.py#L456

to

https://github.com/CERTCC/VINCE/blob/c55d9c9da3e60762bd496ab1c0758687886ab451/vinny/models.py#L1693-L1703

to

https://github.com/CERTCC/VINCE/blob/c55d9c9da3e60762bd496ab1c0758687886ab451/vinny/models.py#L1556-L1558

So my recommendation is to truncate the Subject field in the thread if longer than 150 characters in the Message class helper method new_message

sei-vsarvepalli avatar Jul 23 '25 20:07 sei-vsarvepalli

Hi, thank you for attempting to provide a workaround, but:

  1. it would only be a workaround, so I'd recommend that the code is fixed to deal with longer subject lines (which are derived from the case title, which is out of the control of the author of the resp. message)
  2. as the subject is outside of control of the author the workaround can't be applied. Regards Ulf

ubremer1234 avatar Jul 24 '25 06:07 ubremer1234

Hi, thank you for attempting to provide a workaround, but:

  1. it would only be a workaround, so I'd recommend that the code is fixed to deal with longer subject lines (which are derived from the case title, which is out of the control of the author of the resp. message)
  2. as the subject is outside of control of the author the workaround can't be applied. Regards Ulf

BTW As a work around, the Coordinator has also reduced the Title field for this specific Case to allow for your posting to work as expected. The Bug tag is being tracked for fixing in our next release in the code for long term.

sei-vsarvepalli avatar Jul 24 '25 15:07 sei-vsarvepalli

Thanks for shortening the title: That allowed me to send my message.

ubremer1234 avatar Jul 25 '25 06:07 ubremer1234