We take security vulnerabilities seriously and appreciate your efforts to responsibly disclose any issues you may find. Please follow the guidelines below to report a security issue privately.
If you discover a security vulnerability, it is crucial that you do not create a public issue under any circumstances. Public issues can inadvertently expose the vulnerability, potentially leading to exploitation before a fix is available.
Instead, please report the vulnerability via the GitHub Security Advisory for this repository. This private channel ensures that only the maintainers can access the details of the vulnerability, enabling a timely and secure resolution.
If you are unable to use the GitHub Security Advisory for any reason, you may report the issue via email to ulises@linux.com
.
When sending an email, please include as much detail as possible, including:
- Steps to reproduce the issue.
- A description of the vulnerability and its potential impact.
- Any supporting information or proof of concept.
We reiterate: Do not create a public issue to report a security vulnerability. This is to protect both the project and its users from potential exploitation before the issue is resolved.
We will acknowledge receipt of your report within 2-5 working days and work on resolving the issue as quickly as possible. We may request additional details during the investigation process.
Thank you for your responsible disclosure and for helping us maintain the security of our project.