TIBCOSoftware / jasperreports

JasperReports® - Free Java Reporting Library
https://community.jaspersoft.com/downloads/community-edition/
GNU Lesser General Public License v3.0
1.07k stars 404 forks source link

Best way to responsibly disclose a vulnerability #472

Closed JamieSlome closed 3 months ago

JamieSlome commented 3 months ago

What is the best way to disclose a vulnerability or security issue for this repository? Is there an e-mail address or process?

Should we create a SECURITY.md to make this clear in the future for future security researchers?

dadza commented 3 months ago

Please write an email to js-product-team@cloud.com describing the issue.

We will consider writing a SECURITY.md for future reports.

Thank you for reporting your research findings.

JamieSlome commented 3 months ago

Thank you for sharing 🙌