cydrobolt / polr

:aerial_tramway: A modern, powerful, and robust URL shortener
https://polrproject.org
GNU General Public License v2.0
4.95k stars 893 forks

Responsible disclosure policy #611

Open zidingz opened 2 years ago

zidingz commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@0xad3l) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

brandonsturgeon commented 2 years ago

Could we get some kind of indication as to how serious this issue is?

I'm looking to use this project, but if they can't even respond to responsible disclosure requests...