Who to contact for security issues

fecshop / yii2_fecshop

yii2 ( PHP ) fecmall（fecshop） core code used for ecommerce shop 多语言多货币多入口的开源电商 B2C 商城，支持移动端vue, app, html5，微信小程序微店，微信小程序商城等

http://www.fecmall.com

BSD 3-Clause "New" or "Revised" License

5.24k stars 1.42k forks source link

Who to contact for security issues #100

Closed zidingz closed 2 years ago

zidingz commented 3 years ago

Hey there!

I belong to an open source security research community, and a member (@sudheendra17) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

fancyecommerce commented 2 years ago

https://github.com/fecshop/yii2_fecshop/blob/master/SECURITY.md

security.md file has created. thank you .

JamieSlome commented 2 years ago

@fancyecommerce - please see the report here:

https://huntr.dev/bounties/0faf3ab0-a011-4939-b6ee-da9118da60f7/

It is private and only accessible to maintainers with repository write permissions 👍

fancyecommerce commented 1 year ago

@zidingz mail to fecify@126.com , thanks

psmoros commented 1 year ago

Will do @fancyecommerce :) Thank you!