Potential security issue #2378
Comments
|
Thanks @JamieSlome @huntr-helper . We will definitely get back to you directly with specific instructions and add the file as well so others can use it. Thanks! |
|
@JamieSlome we are in the process of setting up a system for security researchers and I will definitely create the SECURITY.md file with those instructions once it is complete. While this is in progress, any of your team can email me directly at ktaggart@liquibase.com and I will get the potential vulnerability s into the right pipelines over here. Thanks again! |
|
@kataggart - thanks for your response! I mistakenly sent an e-mail to your organization's e-mail, but just sent it directly to your e-mail instead. Let me know if you have any questions! 👍 Ref: |
|
@JamieSlome got it! We are using that to possibly move the issue forward. Thanks! |
|
@kataggart Can you please validate the report using |
|
@ready-research I left a question via the issue in your app. Thanks. |
|
@kataggart huntr will provide bounties for security issues once maintainer accepts a issue as valid. There is no need to pay bounties by the maintainers. Maintainers just need to validate the huntr report. Thanks. |
|
You can also confirm the fix so that whoever (maintainer/reporter) fixes the issue they will also get fix bounty. Once the fix is confirmed the report will be disclosed publicly. Thanks again for validation. |
Hey there!
I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: