Open igibek opened 1 year ago
@igibek thank you for reaching out. Please email security@timescale.com with your findings. If the content is extremely sensitive, feel free to GPG it. My personal GPG key is:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZA73cBYJKwYBBAHaRw8BAQdAU6GRbFIRZ/HyMVg6Mnb9YAf6AsfmXem9tSiu
tgL+jza0TUF0aGFuYXNpb3MgS29zdG9wb3Vsb3MgKEF0aGFuYXNpb3MnIFRpbWVz
Y2FsZSBLZXkpIDxhdGhhbmFzaW9zQHRpbWVzY2FsZS5jb20+iJkEExYKAEEWIQQQ
Eni4Lpa/Ik+MiPZaqMuzCN/lBwUCZA73cAIbAwUJAd/iAAULCQgHAgIiAgYVCgkI
CwIEFgIDAQIeBwIXgAAKCRBaqMuzCN/lB4/RAQCjp4UQcxxqm0TEw+YnFaxpgXmu
ozDm6p+lGP/9FSojdgEA4hkjP0H/E/NxQvJRuqKSNLjG0Bf+iLHkaATXjrMouwm4
OARkDvdwEgorBgEEAZdVAQUBAQdAYzl3AjIZVqS1yNFk1Dun+9iJ2iwFUZTbTTZc
YcTx0goDAQgHiH4EGBYKACYWIQQQEni4Lpa/Ik+MiPZaqMuzCN/lBwUCZA73cAIb
DAUJAd/iAAAKCRBaqMuzCN/lB79qAP9clLF4366q8ULJcqp4AlfRTAPajJf7CWdp
h/Km8NnqXAEA+17yiKIt8lTCqkABRKbWPDc2d4rCbVtLtT8ysiVHQw4=
=X+rV
-----END PGP PUBLIC KEY BLOCK-----
Hello!
I hope you are doing well!
We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.
Can you enable it, so that we can report it?
Thanks in advance!
PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository