Closed JamieSlome closed 1 year ago
ninewise
commented
2 years ago I think a security file is perhaps a bit much. Are you OK with contacting me on IRC? I'm the registered user called ninewise on the channel announced in the README.
Alternatively you could send an PGP-encrypted e-mail to the key I've used to sign commits here (862AA368).
JamieSlome
commented
2 years ago @ninewise - sure, I can send an e-mail :)
Just for reference, the report itself can be found directly here:
https://huntr.dev/bounties/1e1e0c05-8f97-4794-94ca-a17ebf03f97a/
It is currently private and requires repository write permissions to view the contents 👍
mcepl
commented
1 year ago @ninewise, I guess this particular ticket can be closed, cannot it? If anything, it would be resolved outside of it.
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@njord0) has found a potential issue, which I would be eager to share with you.
Could you add a
SECURITY.mdfile with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.Looking forward to hearing from you 👍
(cc @huntr-helper)