Trying to get in touch regarding a security issue

Question

Trying to get in touch regarding a security issue

JamieSlome opened this issue 3 years ago · 2 comments

Hey there!

I belong to an open source security research community, and a member (@ay-kay) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Answer 1 · 2022-04-26T10:51:17.000Z

@nategood - is this project still being maintained?

Just for reference, the report we received can be found here:
https://www.huntr.dev/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb/

It is private and only accessible to you 👍

Answer 2 · 2023-01-05T15:27:07.000Z

@JamieSlome email security@nategood.com