andersao / l5-repository

Laravel 5 - Repositories to abstract the database layer
http://andersao.github.io/l5-repository
MIT License
4.19k stars 878 forks source link

Communication channel regarding security issue @andersao #796

Open angelej opened 1 year ago

angelej commented 1 year ago

Hi @andersao, unfortunately there is no security policy, a disclaimer or contact details nor is the security advisory feature enabled.

How do I get in touch with you regarding a security issue?

Webklex commented 1 year ago

Hi @andersao, whats the best way to report a vulnerability without risking the user base?

The project security / advisory option isn't turned on: https://github.com/andersao/l5-repository/security

Otherwise security issues have to be dropped publicly without the possibility to provide / develop a patch before its disclosure - which is of course not really great. Please consider enabling the project security policy to keep us all save :)