Open JamieSlome opened 2 years ago
Thanks for the reminder, we've added SECURITY.md now~
@power-lin - great, we really appreciate it!
We will get an e-mail sent over to that address shortly. In the meantime, you can view the report here:
https://huntr.dev/bounties/16ec36c3-96a6-479a-97ff-32956d99bda9/
It is private and only accessible to maintainers with repository write permissions! ❤️
EDIT: we did also send an e-mail to labs@dianping.com a little while back.
We have received your report, thank you for your feedback!
Hey there!
I belong to an open source security research community, and a member (@michaellrowley) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)