yumata / lampa

GNU General Public License v2.0

Add SECURITY.md #147

Open JamieSlome opened 1 year ago

JamieSlome commented 1 year ago

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@nerrorsec) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

yumata commented 1 year ago

I don't really understand why this file is needed. Any examples of this file?

JamieSlome commented 1 year ago

@yumata - it ensures that we are contacting an e-mail address that has been suggested by the maintainer(s) by someone with the ability to create a SECURITY.md.

That said, you can also view the report directly here: https://huntr.dev/bounties/aab2530a-f12b-4cf6-b769-9000fe036970/

It is currently private and only accessible to you (@yumata) 👍

yumata commented 1 year ago

Added.

JamieSlome commented 1 year ago

@yumata - thanks for your diligence :)

Have you had an opportunity to take a look at the report?

yumata commented 1 year ago

> Have you had an opportunity to take a look at the report?

I have used this for tests and in free mode. Now I don't use this site.