Potential security issue #2378
Comments
Thanks @JamieSlome @huntr-helper. We will definitely get back to you directly with specific instructions and add the file as well so others can use it. Thanks!
@JamieSlome we are in the process of setting up a system for security researchers and I will definitely create the SECURITY.md file with those instructions once it is complete. While this is in progress, any of your team can email me directly at ktaggart@liquibase.com and I will get the potential vulnerabilities into the right pipelines over here. Thanks again!
@kataggart - thanks for your response! I mistakenly sent an e-mail to your organization's e-mail, but just sent it directly to your e-mail instead. Let me know if you have any questions! 👍 Ref:
@JamieSlome got it! We are using that to possibly move the issue forward. Thanks!
@kataggart Can you please validate the report using
@ready-research I left a question via the issue in your app. Thanks.
@kataggart huntr will provide bounties for security issues once the maintainer accepts an issue as valid. There is no need to pay bounties by the maintainers. Maintainers just need to validate the huntr report. Thanks.
You can also confirm the fix so that whoever (maintainer/reporter) fixes the issue will also get the fix bounty. Once the fix is confirmed the report will be disclosed publicly. Thanks again for validation.
Hey there!
I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)