Create SECURITY.md
zidingz opened this issue · comments
Hey there!
I belong to an open source security research community, and a member (@yetingli) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Hi, thanks for this suggestion. I've added a SECURITY.md
file with a contact email here.
The reported vulnerability (an inefficient regex in the trim() function) is not a real threat. I marked the threat as invalid.