Reporting a vulnerability

[igibek]

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

[TomAugspurger]

We don't have that governance / security policy in place, in part because this isn't really a code repository. It's primarily documentation and examples, so I'd be surprised to hear there's a vulnerability here. But you can reach out to me at tom.w.augspurger@gmail.com. And just so I'm not the only one on the thread, I'll volunteer @jhamman (joe@earthmover.io) without asking him, in case you really think there is a vulnerability.