playframework/play-samples

Create SECURITY.md

JamieSlome opened this issue · 4 comments

Hey there!

I belong to an open source security research community, and a member (@oivrip) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

mkurz commented

Thanks for reaching out @JamieSlome. Please have a look at https://www.playframework.com/security/vulnerability: Please report the security issue to security@playframework.com. And I agree we should add a SECURITY.md.

@mkurz - thanks for the response!

We just sent an e-mail to that address with more information ❤️

For reference, the report can be found here. It is private and only accessible to maintainers with repository write permissions.

mkurz commented

@JamieSlome Thanks, addressed here: #152

mkurz commented

Fixed, finally: playframework/.github#21