We take security bugs in our projects seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security issue, you can use one of the following methods:
-
GitHub Security Advisory
Use the Report a Vulnerability button (if available) under the
Security > Report a Vulnerabilitybutton. This is usually in the address of:https://github.com/markbattistella/[your-repo]/security/advisories/new. -
Mastodon: Contact us on Mastodon @markbattistella@mastodon.au.
-
Security Issue GitHub Issue: Open a new issue on our GitHub repository and use the "Security Issue" template to provide details about the vulnerability.
After the initial reply to your report, we will aim to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
If you find a security bug in a third-party module that we use, please report it to the person or team maintaining that module.
To learn more about securing your application, consider the following resources:
- OWASP Top Ten
- CWE/SANS Top 25 Most Dangerous Software Errors
- Mozilla Developer Network (MDN) Web Security
- Security Best Practices on GitHub
We are committed to ensuring the security and privacy of our users. Thank you for helping us achieve this goal.