Reporting a vulnerability

[igibek]

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

[badideasforsale]

Hello, Thanks for mentioning this and wanting to disclose responsibly. We're working on revamping how we take in security findings, and will enable private vulnerability reporting as part of that. However, in the meantime, please send an email to security@temporal.io with your findings and we'll take a look.

Thank you!