blogifierdotnet / Blogifier

Blogifier is an open-source publishing platform written in ASP.NET and Blazor WebAssembly. With Blogifier make a personal blog or a website.
https://blogifier.net
MIT License
1.26k stars 518 forks

Who to contact for security issues #299

Closed (zidingz closed 2 years ago)

zidingz commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@ktg9) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

JamieSlome commented 2 years ago

@rxtur - just a heads up that we also have these reports against the repository:

https://www.huntr.dev/bounties/732943c9-a344-41f7-af76-491c3074965b/
https://huntr.dev/bounties/41be3de5-fd26-4207-a447-71c7723c1636/
https://huntr.dev/bounties/58cbfaf5-d390-4038-9650-c31797bed351/
https://huntr.dev/bounties/712da34e-817a-489a-9ca1-c52977de0397/
https://huntr.dev/bounties/85818a06-a234-4742-95e9-adc0d2ef3d4f/
https://huntr.dev/bounties/a1d29f4f-3f99-47a9-87bb-c1bc3e3007c1/
https://huntr.dev/bounties/4c733f44-c755-49a4-959f-9b3246ad2d36/
https://huntr.dev/bounties/373e7ca7-768b-4f77-ae70-a2a156daaee7/
https://huntr.dev/bounties/80db3a88-3212-4e0b-8d88-97b0394fb13d/

Let me know if you have any questions! 👍