Trying to get in touch regarding a security issue #778
Comments
Hi @JamieSlome @HDVinnie, thank you. Feel free to send me an email at hello@laravel.io and I'll get back to you as soon as I can. I'll add a Thanks!
@driesvints - sorted for you 👍 You should have just received an e-mail. Otherwise, you can view the private report here: https://huntr.dev/bounties/5cd5fe0d-b3e1-4de4-816e-8d5af1b6f173/
@driesvints thanks for taking the time to do this. I see you read the report and pushed a fix. Mind validating it on huntr? Once that is done I have another to report.
I don't use that site sorry.
@driesvints - no worries, we can arrange this for you, can you please confirm the commit SHA that addressed the issue?
@JamieSlome here: 8dd022f
@driesvints - thanks for the support! 👍 This report has now been marked as valid. Do you have a version number for the fix?
@JamieSlome this is an app, not a package. There's no versioning.
@driesvints - thanks for the info 😄
@driesvints Thanks again for taking the time to read the disclosure and publish a fix. I do have one more for you if you're up for it. I know you said you don't want to use the site so you can just visit the link, read it and then just let @JamieSlome know here that you confirm it's an issue and a commit SHA if you decide to fix. https://huntr.dev/bounties/1e2511a6-ed60-4c6b-8385-0fb6578e68cb If you no longer wish me to do research on this app just let me know and I will cease doing so. Thanks again for taking the time and making this platform for Laravel devs. I'm a lover of Laravel, Livewire and AlpineJS so I can appreciate this.
Thanks @HDVinnie, I appreciate it 👍 Feel free to send whatever you have to the email address in the security policy.
Sent
Hey there!
I belong to an open source security research community, and a member (@HDVinnie) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)