Responsible disclosure policy #70
Comments
Hey @zidingz,
Hi @patkon, here are the reports for the repository (in decreasing order of severity) https://www.huntr.dev/bounties/3c293dca-d6ba-41b7-8954-8749d729a150/ When you are free, you can check them (only maintainers of a repository can view the report)
Note that these reports were tested on the latest version of flatcore-cms (the develop branch)
Hey @Haxatron, thank you. I will check this and do my best to fix the Bugs.
Hi @patkon, once you are done and have the free time, could you validate the reports and submit the fixes? You will also be rewarded the fix bounty once you do, for helping keep your software safe! Thank you!
Yes, of course I will. I've changed a lot and I'm currently testing whether everything still works as before.
Hi there, thanks for validating and fixing the vulnerabilities! Have submitted 2 more reports: https://huntr.dev/bounties/ee5fba4a-dd6a-4bba-b9dd-d73bcca0f38e/ Please take your time to review them, don't want you to get overwhelmed 😅
Thank you.
Hey there!
I belong to an open source security research community, and a member (@Haxatron) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)