BoostIO / BoostNote-App

Boost Note is a document driven project management tool that maximizes remote DevOps team velocity.
https://boostnote.io

Security concern #1547

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@effectrenan) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Rokt33r commented 2 years ago

Sorry for my late response. We will add it soon. For now, please send it to rokt33r@boostio.co or info@boostnote.io.

JamieSlome commented 2 years ago

@Rokt33r - not at all! 👍

We did send some e-mails to the info@ e-mail address but did not receive a response. If it makes it easier, you can find both reports here:

https://huntr.dev/bounties/d8c76c3c-a81b-4f3c-b93f-b6a623089c6a/
https://huntr.dev/bounties/d349aa46-1a60-4ee0-94c1-394e50c72f5d/

They are both private and only accessible to maintainers with repository write permissions 😄

Rokt33r commented 2 years ago

Confirmed! Thanks for the links. We will fix the issues soon.

JamieSlome commented 2 years ago

@Rokt33r - you are welcome! 👍 If you require any support with the fix, feel free to drop a message on the reports, and I am sure the researcher will be able to help.