Found a possible security concern #491
Comments
|
Please report any security-related issues concerning njs to security-alert@nginx.org. For our mutual convenience, specifically mention njs in the subject and follow the CVSS v3.1 specification. See https://nginx.org/en/security_advisories.html for confirmation of the contact method. |
|
Thanks for your response @lcrilly 👍 We have just sent an e-mail to the elected address. We do follow the CVSS specification which can be found in the report. Let me know if you have any questions and I will be happy to help! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey there!
I belong to an open source security research community, and a member (@salmonx) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: