Who to contact for security issues
Closed this issue · 2 comments
Hey there!
I belong to an open source security research community, and a member (@ysf) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Hi @JamieSlome,
Thank you for reaching out. Commit adding SECURITY.md file got merged just now.
@tomjelinek - thanks for your response and support in creating the SECURITY.md.
We will get an e-mail sent out to you shortly with further details, otherwise, you can view the report directly in the meantime:
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/
It is private and only accessible to maintainers with repository write permissions! 👍