How to report security vulnerabilities

Question

How to report security vulnerabilities

btoews opened this issue 2 years ago · comments

The documentation for this project doesn't specify how security vulnerabilities should be reported. I sent an email on September 9th to the address listed in the gemspec and haven't received a response. Would opening an issue/PR be better? Thanks.

Nov Matake · Answer 1 · Wed Oct 05 2022 07:03:28 GMT+0800 (China Standard Time)

email is OK, but I couldn't notice your mail in September and can't find it

Ben Toews · Answer 2 · Wed Oct 05 2022 08:28:44 GMT+0800 (China Standard Time)

I sent it again. It’s from a latacora.com email address.

…

On Tue, Oct 4, 2022 at 5:03 PM Nov Matake ***@***.***> wrote: email is OK, but I couldn't notice your mail in September and can't find it — Reply to this email directly, view it on GitHub <#108 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAIXLBPKS7HE23VZT5VNBYTWBSZUZANCNFSM6AAAAAAQ4WLXKU> . You are receiving this because you authored the thread.Message ID: ***@***.***>