Trying to get in touch regarding a security issue
zidingz opened this issue
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Thank you both @ikkez and @KOTRET
Unfortunately, there is an inherent limitation to our system that won't allow me to grant your team access to the report pages without an authorised email. This is because we verify maintainer status based on GitHub accounts and write-access, i.e. merging a SECURITY.md. Does that sound reasonable? I'm happy to answer any questions you may have; you may also read more on huntr.dev
And if it'll save you time: #1233
Thanks for the posted issues. There's nothing to worry about. Looks like some simple static code analyzer results to me. It's good to check twice, but these are no security issues in the used context.
NB: issues posted were about a random number usage and merging PHP globals. Hit me if you want to know more.
Thank you for your time!