sdelements / lets-chat

Self-hosted chat app for small teams
http://sdelements.github.io/lets-chat
MIT License

Trying to get in touch regarding a security issue #819

Closed zidingz closed 2 years ago

zidingz commented 2 years ago

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

hhaidar commented 2 years ago

Hey @zidingz, thank you. I think we're planning on archiving the project at some point but I'll try my best to address the issue.

You can reach out to me directly:

houssam@sdelements.com

zidingz commented 2 years ago

Thanks for your reply!

As an alternative to archiving, you might consider finding new (co-)maintainers for your open source software project on https://adoptoposs.org/

zidingz commented 2 years ago

And if it'll save you time: https://github.com/sdelements/lets-chat/pull/820