You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to suggest adding a proper point-of-contact for security-related issues. Here's why:
The current instructions to create a forum account and to private message an administrator is not feasible as there are restrictions in place that prevent new accounts from sending private messages.
Opening a support ticket is not productive. The support agents are not trained to triage security bug reports and thus acts as an extra hurdle between the bug reporter and the maintainers/developers. When requesting to send a bug report to the developers, the agents would ask you to just send it over in plain view to them, to which they would forward it to the developers. When asked if there are any GPG keys available, the answer would be no.
There are no further instructions nor contact details for reporting security vulnerabilities. I am opening this Issue on your GitHub repo because I am out of options.
The text was updated successfully, but these errors were encountered:
Thanks for getting back. Can you please let me know where can I reach you regarding a security issue I have found in the codebase? It still exists in the latest version of the codebase, so I will not be disclosing it publicly here.
Hi team,
I would like to suggest adding a proper point-of-contact for security-related issues. Here's why:
The text was updated successfully, but these errors were encountered: