If you discover a security vulnerability in CogniQ, please follow these steps to report it:
- Do not create a public issue on GitHub, as this may expose the vulnerability to malicious actors.
- Instead, DM @jim on the Community Slack.
- In your message, provide a detailed description of the vulnerability, including steps to reproduce the issue and any relevant information about the affected components or systems.
- If possible, include a suggested fix or mitigation for the vulnerability.
- Wait for a response from Jim. He will acknowledge receipt of your report and provide an estimated timeline for addressing the issue.
The CogniQ team takes security vulnerabilities seriously and will work diligently to address any reported issues. However, please be patient during the investigation and resolution process, as it may take some time to fully understand and fix the problem.
We request that you do not disclose the vulnerability publicly until it has been resolved and a security update has been released. Once the issue has been addressed, the CogniQ team may choose to disclose the vulnerability and provide proper credit to the reporter.
Thank you for helping to keep CogniQ and its users secure.