If you discover a security vulnerability in Narrowlink, please follow these steps:
-
Do Not disclose the vulnerability publicly or to anyone other than the Narrowlink security team.
-
Report the vulnerability via email to security@narrowlink.com. Include:
- A description of the vulnerability and affected component(s).
- Steps to reproduce or a Proof of Concept (PoC) if available.
- Your contact information (name, email).
-
Our security team will acknowledge your report within 48 hours.
-
We aim to respond within 7 days and will provide updates on the investigation and remediation.
-
Once resolved, we will publicly acknowledge your responsible disclosure, unless you prefer to remain anonymous.
Do not create a GitHub issue for security-related reports or publicly disclose security issues.
This policy covers official Narrowlink source code and releases, not third-party modules or plugins.
We appreciate security researchers and the community. In return for responsible disclosure, we commit to:
- Timely response and regular updates on the vulnerability's progress.
- Publicly acknowledging your responsible disclosure, unless you prefer anonymity.
Please refrain from any actions that may exploit or damage Narrowlink systems, data, or users.
For security inquiries or to report a vulnerability, contact us at security@narrowlink.com.