DO NOT report security vulnerabilities directly on the public repository. Instead, please follow our responsible disclosure policy.
If you discover a security vulnerability in this project, we kindly request you to notify us immediately by sending an email to hello@ternent.dev. We will acknowledge your email within 72 hours and work to address the issue as soon as possible.
Please provide the following details in your report:
- A clear description of the vulnerability and the affected areas.
- Steps to reproduce the vulnerability.
- Your name and contact information (optional).
We believe in responsible disclosure, and we greatly appreciate your efforts in reporting security vulnerabilities to us privately. To encourage responsible reporting, we commit to the following:
- We will respond to your report within 72 hours to acknowledge its receipt.
- We will work with you to understand and validate the reported vulnerability.
- We will keep you informed of our progress and expected timelines for addressing the issue.
- We will give credit to the reporter in the acknowledgments section of the repository once the issue is resolved (if you wish to be credited).
Please note that this security policy only applies to security vulnerabilities related to this repository. For non-security-related issues, you can report them through the standard issue tracker.
When reporting a vulnerability, you may classify its severity based on the following guidelines:
- Critical: Vulnerabilities that can lead to remote code execution or unauthorized access to sensitive data.
- High: Vulnerabilities that can lead to privilege escalation, data manipulation, or other serious security issues.
- Medium: Vulnerabilities that have limited impact or require specific conditions to be exploited.
- Low: Minor vulnerabilities with limited security impact.
If you have any questions or need further assistance, feel free to reach out to us at hello@ternent.dev.
Thank you for your contribution to the security of our project.