Reporting Security Issues
We take security very seriously at GoDaddy. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
In order to give the community time to respond and upgrade, we strongly urge you report all security issues privately.
To report a security issue in one of our Open Source projects email us directly at email@example.com and include the word "SECURITY" in the subject line.
This mail is delivered to our Open Source Security team.
Security update policy
After the initial reply to your report, the team will keep you informed of the progress being made towards a fix and announcement, and may ask for additional information or guidance.
By default Warehouse.ai runs as an service over
http and has no authentication in place.
Setup the configuration to have Slay use
https and use authentication middleware, for example authboot.
Store API keys and tokens in an encrypted config with whisper.json.
Known security issues and future enhancements