DO NOT report vulnerabilities in Glimbot through GitHub issues. The only case for which there is an exception is for already publicly disclosed vulnerabilities in Glimbot dependencies; these may be reported as bugs.
If you discover a security issue in Glimbot, please send an email to one of the repo admins.
Please include, to the degree possible,
- what version of Glimbot the issue occurs in
- what steps are needed to reproduce or exploit the issue
- any system configuration issues that contributed to the issue
If we decide to open a GitHub Security Advisory, you will be credited for any contributions you make to the discovery and/or eventual fix of the issue. Please avoid publicly disclosing the issue until this advisory is made public.
Glimbot support will only target the most recent versions of the bot. However, the project will accept PRs to backport fixes for major issues, including any security issues.