search

msgpack / msgpack-php

msgpack.org[PHP]
BSD 3-Clause "New" or "Revised" License
773 stars 119 forks source link

How to get in touch about a security issue? #158

Closed zidingz closed 1 year ago

zidingz commented 3 years ago

Hey there,

As there isn't a SECURITY.md with an email on your repository, I am unsure how to contact you regarding a potential security issue.

Would you kindly add a SECURITY.md file with an e-mail to your repository? GitHub recommends this as the best way to ensure security issues are responsibly disclosed, and it would massively help security researchers get in touch next time.

Thank you so much and I look forward to hearing from you!

m6w6 commented 3 years ago

I think one can email privately through github, but I agree that a formal way would be beneficial. Please poke me at mike@php.net unless you've got a PR handy adding a SECURITY. md

zidingz commented 3 years ago

Thanks for your quick response! Here's the PR: https://github.com/msgpack/msgpack-php/pull/159

An email should be with you soon 😊