Skip to content

Security issue – request for private disclosure channel #1373

Description

@Fewword

I recently audited this project and found several security vulnerabilities. I would like to report them privately so they can be fixed before any public disclosure.

I noticed the repository currently lacks:

  • A SECURITY.md file
  • A vulnerability disclosure policy
  • Security-related issue templates or labels

Could you advise:

  1. Is there a preferred email or private channel where I can send the detailed vulnerability report?
  2. Would you prefer I use the GitHub Security Advisory feature instead?
  3. Would you consider adding a SECURITY.md to guide future reporters?

Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions