When reporting a vulnerability, please try and give as much detail as possible:
- What is the vulnerability
- How the vulnerability was found
- How to replicate the bug/vulnerability
- Any possible steps that could be taken to patch the vulnerability.
To report a non-serious security vulnerability, please post in the discussions section.
Discussions are checked at least once every 24 hours
When reporting a serious vulnerability such as a zero-day, please email me directly at: isaacljubic@valency.dev.
Emails are checked at least once every 8 hours
Further down the line with funding, we would like to set up a bug bounty system that rewards these contributors.
We appreciate all help we can get :)