Add a security policy

Open JamieSlome opened this issue 3 years ago • 3 comments

Hey there!

I belong to an open source security research community, and a member (@michaellrowley) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

JamieSlome, Jan 28 '22 20:01

Thanks for the reminder, we've added SECURITY.md now~

power-lin, Mar 02 '22 02:03

@power-lin - great, we really appreciate it!

We will get an e-mail sent over to that address shortly. In the meantime, you can view the report here:

https://huntr.dev/bounties/16ec36c3-96a6-479a-97ff-32956d99bda9/

It is private and only accessible to maintainers with repository write permissions! ❤️

EDIT: we did also send an e-mail to [email protected] a little while back.

JamieSlome, Mar 02 '22 10:03

We have received your report, thank you for your feedback!

power-lin, Mar 04 '22 09:03