Trying to get in touch regarding a security issue

q2a / question2answer

Question2Answer is a free and open source platform for Q&A sites, running on PHP/MySQL.

http://www.question2answer.org/

GNU General Public License v3.0

1.63k stars 628 forks source link

Trying to get in touch regarding a security issue #907

Closed zidingz closed 1 year ago

zidingz commented 3 years ago

Hi there,

I couldn't find a SECURITY.md in your repository and am not sure how to best contact you privately to disclose a security issue.

Can you add a SECURITY.md file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.

Once you've done that, you should receive an e-mail within the next hour with more info.

Thanks! (cc @huntr-helper)

svivian commented 1 year ago

We have a notice in the docs that links to the form here: https://www.question2answer.org/feedback.php

However I will also add the md file like you suggest :)