Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'develop' into chore/rails-update
Showing 4 changed files with 50 additions and 7 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,31 @@ | ||
# Security Policy | ||
Chatwoot is looking forward to working with security researchers across the world to keep Chatwoot and our users safe. If you have found an issue in our systems/applications, please reach out to us. | ||
|
||
## Reporting a Vulnerability | ||
|
||
We use [huntr.dev](https://huntr.dev/) for security issues that affect our project. If you believe you have found a vulnerability, please disclose it via this [form](https://huntr.dev/bounties/disclose). | ||
|
||
This will enable us to review the vulnerability, fix it promptly, and reward you for your efforts. | ||
|
||
If you have any questions about the process, feel free to reach out to hello@chatwoot.com. | ||
If you have any questions about the process, feel free to reach out to security@chatwoot.com. | ||
|
||
|
||
## Out of scope | ||
|
||
Please do not perform testing against Chatwoot production services. Use a self hosted instance to perform tests. | ||
|
||
We consider the following to be out of scope, though there may be exceptions. | ||
|
||
- Missing HTTP security headers | ||
- Self XSS | ||
- HTTP Host Header XSS without working proof-of-concept | ||
- Incomplete/Missing SPF/DKIM | ||
- Denial of Service attacks | ||
- DNSSEC | ||
- Social Engineering attacks | ||
|
||
If you are not sure about the scope, please create a report. | ||
|
||
## Thanks | ||
|
||
Thank you for keeping Chatwoot and our users safe. 🙇 |
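Review bot: The only modification inside this hunk is the contact address, which moves from hello@chatwoot.com to security@chatwoot.com; please confirm the security@ alias is live and routed to the people who triage reports before this merges, otherwise the policy points researchers at a dead mailbox. Two smaller points on the new "Out of scope" section: "Self XSS" is conventionally written "Self-XSS", and the list excludes "Denial of Service attacks" and "Missing HTTP security headers" wholesale, so it would help to state (as the text does for Host Header XSS) that exceptions are judged on a working proof-of-concept, since the following sentence already invites reports when scope is unclear. Finally, the "Reporting a Vulnerability" section gives no expected acknowledgement or response time; a single sentence there would set reporter expectations.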