Add a Security Policy #119
Comments
Thank you!! This is your first issue on this repo
@alexzaganelli pinging again because you should do this ASAP and respond to my report (assuming your current email is [email protected]). The vulnerability I want to report is rated critical and everyone who is using this plugin is vulnerable.
Hi @Ccamm, thank you for your contribution. I'll try to do my best during the next week. As you can imagine, this is a plugin that I've written for the community, not for my own business, so I need to find a bunch of time to fix this vulnerability. Thank you again.
Thanks for the response. I assume that you have seen my report that I sent to [email protected]. Let's communicate via email, since it is a sensitive matter that I don't want to get out. I will close this issue when a Security Policy is added, since it is needed for future security researchers to privately disclose vulnerabilities.
@Ccamm was this issue resolved?
Yes, it's solved.
Feature request
Summary
Add a security policy to this repository to explain how to privately disclose vulnerabilities. I have tried emailing the main contributor (@alexzaganelli) about a security vulnerability, but I haven't received a response yet. I do not know if the email address I sent my report to is used anymore, so it would be great to have clarification of what would be the best method of communication for reporting vulnerabilities.
Why is it needed?
It will assist security researchers to privately report vulnerabilities. Professional security researchers want to have security vulnerabilities patched before details are published to inform users of the issue.
Suggested solution(s)
Add a security policy with a method for privately reporting vulnerabilities.
Related issue(s)/PR(s)
N/A