search

WBCE / WBCE_CMS

Core package of WBCE CMS. This package includes the core and the default addons. Visit https://wbce.org (DE) or https://wbce-cms.org (EN) to learn more or to join the WBCE CMS community.
https://wbce-cms.org
GNU General Public License v2.0
31 stars 22 forks source link

How to get in touch regarding a security concern #514

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@maxway2021) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

ghost commented 2 years ago

I have created a Security.md for you. If email is too insecure for you, you can also reach us through our forum

JamieSlome commented 2 years ago

@Colinax - you should receive an e-mail from our system shortly with further details about the security issue (cc @maxway2021).

Otherwise, you can view the report directly here (private to maintainers only):

https://huntr.dev/bounties/c330dc0d-220a-4b15-b785-5face4cf6ef7/