Security is very important for Vizro and its community 🔒
If you believe you have found a security vulnerability, please report it to us as described below.
The latest version of Vizro is supported. We encourage you to update your Vizro version frequently, this way you will benefit from the latest features, bug fixes, and security fixes.
Please do not report security vulnerabilities through public GitHub issues to limit the potential impact on current users.
If you think you found a vulnerability, and even if you are not sure about it, please report it right away by sending an email to: vizro-security@mckinsey.com
Note that this mail address is only monitored for security reports.
Please try to be as explicit as possible to help us better understand the nature and scope of the possible issue by providing:
- Type of issue (e.g. cross-site scripting, SQL injection, etc.)
- Impact of the issue, including how an attacker might exploit the issue
- Step-by-step instructions to reproduce the issue
- Example code or any special configuration to reproduce the issue
- Location of the affected source code (e.g. branch/commit/URL)
We will review it thoroughly and get back to you. If the issue is confirmed, we will release a patch as soon as possible.
Thanks for your help!
The Vizro team thanks you for that 🙇