Trying to get in touch regarding a security issue
zidingz opened this issue · comments
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
@zidingz This project has no real "owner" - nobody works on it regularly. If you have a patch that fixes the security issue, please submit it as a PR.
Otherwise, I'd just open a ticket that describes the problem. If there is anyone out there using this project that feels it's urgent enough to fix, they'll submit a PR.
Responsible disclosure only works when there's a maintenance team. In this case, there isn't.
If someone out there notices this ticket and is willing to work with @zidingz on the issue, feel free to chime in here.