Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

@ikkez @xfra35 @bcosca @Rayne guess this should be redirected to the slack channel?

@zidingz yes.. please join our slack channel and DM to me, ikkez, or rayne or n0nag0n
a SECURITY.md is also a good idea.. guess we need to setup some email forwarding first @sn0opy !?

Thank you both @ikkez and @KOTRET

Unfortunately, there is an inherent limitation to our system that won't allow me to grant your team access to the report pages without an authorised email. This is because we verify maintainer status based on GitHub accounts and write-access i.e. merging a SECURITY.md. Does that sound reasonable? I'm happy to answer any questions you may have; you may also read more on huntr.dev

And if it'll save you time: #1233

Merged. @KOTRET @Rayne @xfra35 @sn0opy ... I've just placed my email in the security file at the moment. Hit me if I should put one of yours there as well or when a forwarder was set up. thx

Thanks for the posted issues. There's nothing to worry about. Looks like some simple static code analyzer results to me. It's good to check twice, but these are no security issues in the used context.

NB: issues posted were about a random number usage and merging php globals. Hit me if you want to know more.

Thank you for your time!