
Security: MarimerLLC/csla

.github/SECURITY.md

Security Policy

CSLA .NET is available under the MIT license, and as such is provided "as-is" without warranty of any kind. This includes a lack of warranty regarding security.

Reporting a Vulnerability

If you believe you have identified a security vulnerability in CSLA .NET, please report it to rocky at marimer.llc. Please do not report security vulnerabilities in CSLA .NET as GitHub issues, as that would expose the vulnerability to the public before a fix can be created and distributed.

Please include the following information in your report:

  • A description of the vulnerability
  • Steps to
    • reproduce the vulnerability
    • exploit the vulnerability
  • Your name and contact information (email address, GitHub username, etc.)
  • Your preferred method of contact (email, phone, etc.)

Response Time

We will make every effort to respond to your report within 48 hours. If you have not received a response within 48 hours, please follow up with a second email.

Disclosure Policy

We will not disclose the vulnerability to the public until a fix has been created and distributed.

Fix and Disclosure

Once a fix has been created and distributed, we will disclose the vulnerability to the public, including a description of the vulnerability and the steps we took to fix it.

CSLA is available via NuGet, which relies on the GitHub Advisory Database to provide security information to developers. We will create an advisory in the GitHub Advisory Database for any security vulnerability that is reported and fixed.

Acknowledgement

We will acknowledge your contribution to the security of CSLA .NET in the release notes for the version of CSLA .NET that includes the fix for the vulnerability you reported.

Additional Information

For additional information, please contact rocky at marimer.llc.

There aren’t any published security advisories