sbrl / Pepperminty-Wiki

A wiki in a box
https://peppermint.mooncarrot.space/
Mozilla Public License 2.0

Trying to get in touch regarding a security issue #226

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

sbrl commented 2 years ago

Hey there, @JamieSlome! As I mentioned to the other person reporting in #222, it is very clearly stated in my README how I prefer people to contact me about security issues, which I even turned into a dedicated section:

Security

If you've found a security issue, please don't open an issue. Instead, get in touch privately - e.g. via Keybase or by email (security [at sign] starbeamrainbowlabs [replace me with a dot] com), and I'll try to respond ASAP.

If you would like to encrypt any communications with me, you can find my GPG key here.

While I'm baffled that this appears to be such a challenge for security researchers, I'll happily add such a file to make it even more impossible to ignore.

Please also reply on here too to let me know which method you've sent me a message through so I can track it down.

sbrl commented 2 years ago

Emails received. Some are valid, others are invalid. I'll fix the valid ones as soon as I get a minute.

sbrl commented 2 years ago

Fixed the valid ones.

sbrl commented 2 years ago

If additional vulnerabilities are found, please follow the security vulnerability reporting procedure I've documented in both the README and SECURITY.md.