radash icon indicating copy to clipboard operation
radash copied to clipboard
verified publisher icon sodiray

How to contact for security issues & Adding security policy

Open arkark opened this issue 1 year ago • 2 comments

Summary

I found a security issue in radash, but I could not find the way to contact the project maintainers privately. May I ask you to tell me a contact method you prefer?

FYI

I suggest you to put SECURITY.md (a security policy) at the root.

As another choice, if the project maintainers enable "Private vulnerability reporting" on GitHub, I can report the issue privately.

  • ref: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#enabling-or-disabling-private-vulnerability-reporting-for-a-repository

arkark avatar Jan 25 '25 13:01 arkark

Hello @arkark, if the same vulnerability exists in Radashi (a maintained version of Radash), please see our SECURITY.md document for next steps.

aleclarson avatar Mar 19 '25 17:03 aleclarson

Hello, I'll check it when I have time. Thanks.

arkark avatar Mar 24 '25 10:03 arkark