Open angelej opened 1 year ago
Hi @andersao, whats the best way to report a vulnerability without risking the user base?
The project security / advisory option isn't turned on: https://github.com/andersao/l5-repository/security
Otherwise security issues have to be dropped publicly without the possibility to provide / develop a patch before its disclosure - which is of course not really great. Please consider enabling the project security policy to keep us all save :)
Hi @andersao, unfortunately there is no security policy, a disclaimer or contact details nor is the security advisory feature enabled.
How do I get in touch with you regarding a security issue?