We take security bugs seriously and appreciate your efforts to responsibly disclose your findings. We will make every effort to acknowledge your contributions.
To report a security issue, please use the GitHub Security Advisory
"Report a Vulnerability" tab in
https://github.com/Neved4/<project>/security/advisories/new
.
We will send a response indicating the next steps in handling your report. After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Report security bugs in third-party modules to the person or team maintaining the module.
Advance warnings that say that a new release is coming and, depending on the sensitivity and availability of invitation, some of the following:
- affected versions
- affected platforms
- possible mitigations
Notifications are a disclosure of vulnerabilities. These will give some information about the vulnerability, e.g. what features are affected, mitigation strategies, and how the vulnerability was discovered.
These announcements will typically be made alongside new releases which fix the issue.