Create SECURITY.md

[JamieSlome]

Hey there!

I belong to an open source security research community, and a member (@harunoz) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

[harunoz]

Thank you for your help Jamie.

[richardgirges]

Hi Jamie and Harun,

Here is the SECURITY.md file: https://github.com/richardgirges/express-fileupload/blob/master/SECURITY.md

I am currently the only maintainer on this project. I would appreciate any support in the form of PRs (whether it's actual security fixes or simply reporting known security vulnerabilities).

Thanks,

Richard

On Sat, Mar 12, 2022 at 12:25 PM Harun @.***> wrote:

Thank you for your help Jamie.

— Reply to this email directly, view it on GitHub https://github.com/richardgirges/express-fileupload/issues/305#issuecomment-1065956960, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJLLDUWOBN6JEH5IVM46XTU7T4R7ANCNFSM5QSKOW4A . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you are subscribed to this thread.Message ID: @.***>

[JamieSlome]

@richardgirges - thanks for your support!

We have already sent an e-mail to your elected address, have you been able to see this in your inbox?

You can also view the report directly here: https://huntr.dev/bounties/1d096e50-04ee-42b2-abd1-786f5c750851/

It is private and only accessible to you! 👍