Found a possible security concern
zidingz opened this issue · 2 comments
Hey there!
I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
It's true it could be moved to a separate file, but there is a contact here: https://github.com/ractivejs/ractive/blob/dev/CONTRIBUTING.md#reporting-security-vulnerabilities
@evs-chris I'm not sure if you're on that list though. If not and you want to keep using it, let me know and I'll make you the owner.
Yeah, I'm not sure if I'm on that list or not, so please add me if I'm not. I think that list will be fine for now, and I'll look at creating a separate security doc in a bit.