Who to contact for security issues

Question

Who to contact for security issues

JamieSlome opened this issue 2 years ago · 2 comments

Hey there!

I belong to an open source security research community, and a member (@ktg9) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Answer 1 · 2021-12-26T10:54:01.000Z

Thanks for your remind, the security issue #219 has been fixed in 0.9.8.

Answer 2 · 2021-12-26T11:00:16.000Z

I've updated SECURITY.md in my repo, thanks.