Found a possible security concern #202
Comments
|
Sir
Can you please put it in more simple terms as to what exactly your
concern is?
Thank you.
…On Thu, Jan 6, 2022, 11:34 AM Jamie Slome ***@***.***> wrote:
Hey there!
I belong to an open source security research community, and a member (
@ranjit-git <https://github.com/ranjit-git>) has found an issue, but
doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email,
or another contact method? GitHub recommends
<https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository>
this best practice to ensure security issues are responsibly disclosed, and
it would serve as a simple instruction for security researchers in the
future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper <https://github.com/huntr-helper>)
—
Reply to this email directly, view it on GitHub
<#202>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ASDPJ4LKIYSVH2FCTUZFYMLUUXVETANCNFSM5LNB43TQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
@drewlives - a security issue has been raised for this repository, which can be found here: https://huntr.dev/bounties/5d2c57de-6976-4ccc-bdad-acbc911311ab/ It is private and only accessible to maintainers with repository write permissions 😃 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey there!
I belong to an open source security research community, and a member (@ranjit-git) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: