If you believe you have found a security vulnerability on one of parse-community maintained packages, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before making a report, please review this page to understand our disclosure policy and how to communicate with us.
If you comply with the policies below when reporting a security issue to parse community, we will not initiate a lawsuit or law enforcement investigation against you in response to your report. We ask that:
- You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others. This means we request at least 7 days to get back to you with an initial response and at least 30 days from initial contact (made by you) to apply a patch.
- You do not interact with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.
- You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
- You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues). You do not violate any other applicable laws or regulations.
All vulnerabilities should be privately reported to either Node Security or directly to us at the following address security at parseplatform dot org
You can use our PGP public key, which is also uploaded here:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFbZHTcBEADMJledXkBantsiKc5fbln3j+Bj3R2fP6xcUZ4N6RdKj/19G8e4
+Lwso/SEDlKKuh+1ORHrcXbYBPNRTi+syf0dtL6uqNKVS+jzuS48qd7G04Foe+qs
rg5k80TfRLboCoESIS4C8E6sdjCMKEj8b+QQU8YyzL470+gYwgg7bfvHyECuS4AD
lPssBi03cQdVlYjxNWQZAfVMZ+5zcvpS4P5KOCZPT082rzlgQEmVpmNuTyBELNtl
TBcVK9Sq6/KlNNSXMbGfJlMMq0kgAzVxrSyx3y0gOnRx1DR+a5jJSecPtdVJYno8
9mwRT6Z1B/boN6GmEhC3vikmsOmA+umaLoscQcwjQj7jK5rPTF8ypuDfVNa+kAUS
ONFrayDQljwMEVHZ5/lk9TfEwrnarN8q0fRs2MXaJsD/YlTHG5/9LJs3mMk5yQpq
VGq0sydprnubW36nbP0SkH2LMRrLhQWoLEvtjkz7EaqGLWKO6N0Nr+BT1YBy5gM+
evc5mUeHUTPqflDht1crHn0rdfWmtDzEsNUWc9GR1hK2+x8U43YUPDmmgRYZyCGP
iKdmrF0kUDlh2mmok3dXlQCZesXaeFvSbIFMfL7midhbiWyCfDtAIQPfBTKNtfc3
qbaAoEHmYS2Yjri0rRqK9zbFqDgOR7Ap/ExeoOuaAMx1bvjV0QBm0W8q+QARAQAB
tC1BcnRodXIgQ2luYWRlciAoR2l0aHViKSA8YXJ0aHVyQHBvcHN1Z2FyLmNvbT6J
Aj0EEwEKACcFAloYZqECGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AA
CgkQgZHETYyfyECCKA/8CbpKrMJn+UhP4s5eUisx6wSfqDWuHGkvhecxTWLRGGRT
yycDm7PJxSb3AdJ//sUTGemG88kpLXmEGt3HpINqB0B4J+aqTB/Ei0+1g/FH0LXP
RlCehH0RpLHJmplkEbd2VZ8wFN9+tW1u4jhG+LCZD8pAVy7f36QixCZA3fdlt9GN
K2Jq2456dMpHmaLdUbrYERcDSKmDVKBRa8/CTe9hAkA83kAt0xgWjr/Byxw+L3wi
Ar4/twAwLAHCzl7HTVvbWOXYehM8dpybE7rFV/1OACg3i2uppLE1oGeS2s4HBv84
WYNx0oBlBzEefpDAxz1NQI4HnKtBopt8jNUs5GEa1GR4eSNdMf9SmX7MRBNgDKuY
PsvZQLUBqG8GYZR214NzK9wf0VkQDkZ+PwG+L5pnpKtc7RwsR49z2qyti/nZfPP7
y9gJanTNPkzgx2YAk+UBrKL7435XfFAW6mo2y5LLbD6ouT2hGDfnhsSuMrS4bAdM
7ua9B8vs2cnwYXUFM7ydAueaPvfP0x5i0ZQrphls3ZUpKRpWORSXa0fTNinSpzqW
YzTmPxJsHsyioPlRsl2/r97I9XJ9i5gjMDkNI3TQpGKFy/YNMk7rkk1dp3hq3aP/
xt0P/2yL/MJEj9Jus9FTKGqVtOn73e8oSOsu0ngpllYasYaLkO19MJ2lemSW+CC0
LEFydGh1ciBDaW5hZGVyIChHaXRodWIpIDxhY2luYWRlckBnbWFpbC5jb20+iQI9
BBMBCgAnBQJaGGJcAhsDBQkHhh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
EIGRxE2Mn8hAGVcP/RkqkER8/AKWfPFQs40Epe3mocuLyEW1CHX5LkFTjya42GAM
0BKk+bStRrMQ4rBGOmdKGxphysQFZn4bscRUVMmJd/frJ0s8ConSfWzaweL7rbQO
UgGnL4mSNUvQkNCoO/RgKJapq9G/+jA9RRYEoSncE1/i3FQ+96JWfRRYy3MGYi9H
WmH3UFQ8cJ1JAFMIGaxuHuNQ20mStVDSuK3Zm8KVxk8rWHb2O8lye4bcBi7OLXYx
oZEoLrbLQinMbuccNaMq2j3ZNLOPYUDyyv5O81WzN70A7r0rkipOaJx4LiXE2/NT
3vz1CyT7i+2/GlLL113DP0DA8neMjx6MzpxOo7MgT+ZBHRRZh+tWoqfJKclh6Duw
rAJ9BOxSCm1y4BxTxuWrb5mU/RDCe3oC7PTA6wIMbJThqxtRpjqa17oWn2UXyJOH
aEXvt6jH6YqqFV9liArwkjZZl4KKyiqZ8UFKLteIVSK5xlwQ/ICW3uPYRpYhIFj0
fMaqN5SFcMOxtD4L5SP4k7HRn8l/gVoWQyIMJMip87sPCw7mRe5jq91n9s33stHr
vByL0ownS5MmvKXLLAyAltw2FcIyafcn6mKNGMUBunM14/j5uXaMcgz3MQtYjkvk
Fh6uX1OqLt/rpOhsRTeDRvjGvAFtdLt1QtDEz4i9kGN4h4B/XqwEbVNMWyv4tDlB
cnRodXIgQ2luYWRlciA8NzAwNTcyK2FjaW5hZGVyQHVzZXJzLm5vcmVwbHkuZ2l0
aHViLmNvbT6JAj0EEwEKACcFAloYaaMCGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgID
AQACHgECF4AACgkQgZHETYyfyEANHBAAuOkRMEoCuRjN3Dz/bP7SpWSFnBjOWW42
Lbie3bXbT1SYRltd7AM3ICu2M8OzjATzrDimmGi7K4qxFIGnz+sjp9NRr6x7Ohgi
bPwmU1OMIjuARPhsauUyyUNI+wKbRG9/tO0YxOUBadsKcVYY+6JxhsjrO5qb9NUI
WaNvwfCPlSBDcvsKCOVu6weyw9FGpaaKZcscge8tPPEQCf7FYKy6NYPVK6/D7qn6
myaKe/dh/HwozZ0o2NhW3uIAdd4OIvmWE7rh97B7afKXTiIfiqWqtkFhH0RxdR2q
Damg0BiGjdARqSnneLKDPgIwr904yM1RD36BkPcP8WH3ommsK95mrUKrZtLAQA6J
J6uESkuHNtcy5XTx4eF2cD2uaJTcRjlbAHFBMEI/+vr4umo+8wt38JhY+XtSot6W
rS99JU6Ht1/SMYdz/rFisOWHb6hS69DOSCEK68lne6n0u1AnsWnDHwbQxcaSEreR
axXMzgMtRuM5R4ncLpx0nUwhxlRoIyo2GN6aghXcCrZt1fsLXBilag1moxZgh+YE
RaVOsBASuqO/5m609Mi8AGLbuLU+39Ekb/b2ozw/MRvGPNfXC1XIqPe4asEE9GNL
XdVqvrHhEexBpv7El9yQ9qyllzEEdv5+soMcUQmjJAVabx+0gtLb5x3QHD4V8ttT
kA8kUPG5MyO5Ag0EVtkdNwEQAKssJS3MZiu6WkBact/HvDjJrq+S1HcxeTLYbFXK
lEsolW5sw0IX5ORM9+Z9LfUTyVcyU6w/UbM91IecjNnFQkMvIQy8lVhrqO20FL46
Vu6G5HezIf2hg/1vgt891hrKMrySQDDyGo68f6uF3U+SJLeNPRoB4O8qL2RHXfC3
3ti6FAoOFfRGe/CNB35viK/L//6O3pCFz/nrckEaMzH/GOrcZ8xlrFyeKhsOjtoR
S2MDSNpIJfZP+pbtBgVW5lA5HDlyy5s52jXgd0+1Ktw1FV1uCjsgaX9xfbfXG8o1
SxpKpj1dI8WQ/7ZuCTxu0phyJsQPmfIHb5kBvZjm4vqpnCfbbFWxsQE+T01PRsV+
rWdh1EG4dlTMkvZtMfAnDZV+Cqf6FELb/KhrbRqlCjHeC99tn6YP9EpvLNIgUnD6
qiV2QVHMKZ+wRfRUAYUBtvbFYqbbEqLySpW0ahPB/UmLUMjvArzrQkxvKFM20nb8
HnAAKAZpgjhXTO9OBiNErCfiORooZLEs1MBeR1u8932GL/uKSDX0RhTYBBFDVoNy
zGj3lW3YfnCurVIjCoj+jAZGMSVi67GnUuhm0Vj2K4mdSbq40TwhXxKlp8G0uSU4
SmCm+yjTVcgQj+Xj+fsFJh6YGIgkcLEpbZS6kCLKcnx+44U3nZYPZch0+3/m8Uaf
i3e5ABEBAAGJAiUEGAEKAA8FAlbZHTcCGwwFCQeGH4AACgkQgZHETYyfyEBEcQ/8
DXyIYahE4JmY4REkdSnTQQ09etNmlqZbnMo1y7aYqDgqoixGpZAyE5U3oxGMeNBD
P+XEaZGDav9wfiOlnofMXBa65kbtWoz/+dLc+sTAjNdWvucuzP0yiE0+RNkOtvmY
5BlGgIQS9PTRaw86aRFOE5LilAoR/jv+mOMPt1dcLfHksmCpW+3OzPyxCA703fE5
l7xOXYOAhPGMco30EftebbZkiaAmoZFese92pRenTJXi007ALhMpjPbk5D7717DZ
4/g2gqT+Zs8fZe4tUHjo8LSQrFh/i3TpyBoAIouJsuvVvXy0r+iucKvfBjB4vdQb
b33Fft2DYVBMpVVfnjRg1Y+p5IFNWByI5NYfFsf8AWLHhOWargYmiUjHMdDFXuea
3QUTzHARp4HsqoZocjhKEoW5+j0MTVM6q7cTGgkNvAUmlPEzpvjQP84zkeM7gskP
vaKjgp0gIaCMlzP2fRSKqQ2f84LhKj0mZDy7HQNhtKme1l014HgTbbP7GDJ2UMse
uHgdaLLljuHFbHYAgGI7Uck225weDESF8enizh1ZF1itRliN47ICsef1RQJCgrJb
dkoPBN52k7VhS3vUIQhA1P1sLSEtPMuJ8SDq0CuA008WpU/xHdm1b+xcBxrabuoz
6jfgzgnAZveF5DMisrOnbi4GHVIiHXvWrrIglA6o1sM=
=paxU
-----END PGP PUBLIC KEY BLOCK-----