Please DO NOT report security vulnerabilities using a public GitHub issue. If you believe you've found a security issue, please contact us through one of the following methods:
- Using GitHub security advisories:
https://github.com/saleor/<repository-name>/security/advisories
(replace<repository-name>
) - https://huntr.dev/bounties/disclose/
- Alternatively, through our mailing list: security@saleor.io
We do not currently have a bounty program in place, so we cannot offer monetary rewards for any reported problems.
You can claim bounty rewards by reporting vulnerabilities using Huntr: https://huntr.dev.
Whichever method you choose, you will be credited as the reporter once the announcement is published.