Security: boxbilling/boxbilling

SECURITY.md

Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version | Supported
4.22.x | ✅

Reporting Vulnerabilities

To report a vulnerability, please make a submission on huntr.dev. Enter https://github.com/boxbilling/boxbilling as the repository and then go from there. Their website should give you a good idea of how to make a good vulnerability report. It's important to make the submission there, as it keeps the vulnerability private, which helps ensure it can't be exploited while a patch is in the works. If you have a suggestion that is related to security, then creating an issue on GitHub is a suitable place.

Usually a good report should include which file(s) contain the vulnerability, how the vulnerability could be exploited, the potential ramifications of the vulnerability, a proof of concept exploit, and, if possible, insight into a solution. A proper vulnerability report is awarded a cash reward; if you provide a patch, there is usually a reward for that as well.

Not a Vulnerability?

Reporting bugs

This section guides you through submitting a bug report for BoxBilling. Following these guidelines helps maintainers and the community understand your report 📝, reproduce the behavior 💻 💻, and find related reports 🔎.

Before creating bug reports, please check this list as you might find out that you don't need to create one. When you are creating a bug report, please include as many details as possible.

Note: If you find a Closed issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one.

Before Submitting A Bug Report

Perform a cursory search to see if the problem has already been reported. If it has and the issue is still open, add a comment to the existing issue instead of opening a new one.

How Do I Submit A (Good) Bug Report?

Bugs are tracked as GitHub issues. After you've determined which module your bug is related to, create an issue and provide the following information by filling in the template.

Explain the problem and include additional details to help maintainers reproduce the problem:

- Use a clear and descriptive title for the issue to identify the problem.
- Describe the exact steps which reproduce the problem in as many details as possible. For example, start by explaining what section exactly you used in the browser, or which API call you were using. When listing steps, don't just say what you did, but explain how you did it.
- Provide specific examples to demonstrate the steps. Include links to files or GitHub projects, or copy/pasteable snippets, which you use in those examples. If you're providing snippets in the issue, use Markdown code blocks.
- Describe the behavior you observed after following the steps and point out what exactly is the problem with that behavior.
- Explain which behavior you expected to see instead and why.
- Include screenshots and animated GIFs which show you following the described steps and clearly demonstrate the problem. If you use the keyboard while following the steps, record the GIF. You can use this tool to record GIFs on macOS and Windows, and this tool or this tool on Linux.
- If the problem wasn't triggered by a specific action, describe what you were doing before the problem happened and share more information using the guidelines below.

Provide more context by answering these questions:

- Can you reliably reproduce the issue? If not, provide details about how often the problem happens and under which conditions it normally happens.
- If the problem is related to working with files (e.g. opening and editing files), does the problem happen for all files and projects or only some? Does the problem happen only when working with local or remote files (e.g. on network drives), with files of a specific type (e.g. only JavaScript or Python files), with large files or files with very long lines, or with files in a specific encoding? Is there anything else special about the files you are using?

Include details about your configuration and environment:

- Which version of BoxBilling are you using? You can get the exact version by opening https://www.boxbilling.org/api/guest/system/version in your browser.
- What's the name and version of the server OS your BoxBilling installation is running on?
- What's the PHP version your server is using?
- What's the MySQL version your server is using?