[✨] How to contact for security issues & Adding security policy

arkark commented 6 months ago

Is your feature request related to a problem?

I found a security issue in Qwik, but I could not find the way to contact Qwik authors privately. May I ask you to tell me a contact method you prefer?

Describe the solution you'd like

I suggest you to put SECURITY.md (a security policy) at the root.

As another choice, if the project authors enable "Private vulnerability reporting" on GitHub, I can report the issue privately.

ref: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#enabling-or-disabling-private-vulnerability-reporting-for-a-repository

Describe alternatives you've considered

-

Additional context

No response

arkark commented 6 months ago

I updated the title, and does anyone have this issue?

Sorry to bother you.

shairez commented 5 months ago

Thanks @arkark ! We'll add a way to submit security issues and a SECURITY.md file Will update here once it's ready

shairez commented 5 months ago

@arkark you can now report security issues -

https://github.com/QwikDev/qwik/blob/main/SECURITY.md

Thanks again!

arkark commented 5 months ago

Thank you! I'll report it in a few days.

QwikDev / qwik