Skip to content

Security: notbasetwo/FOSSBilling

Security

SECURITY.md

Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
4.22.x

Reporting Vulnerabilities

To report a vulnerability, please make a submission on huntr.dev. Enter https://github.com/FOSSBilling/FOSSBilling as the repository and then go from there. Their website should give you a idea good on how to make a good vulnerability report. It's important to make the submission there as it keeps the vulnerability private which helps ensure it can't be exploited while a patch is in the works.

If you have a suggestion that is related to security, then creating an issue on GitHub is a suitable place.

Usually a good report should include which file(s) has the exploit, how the vulnerability could be exploited, the potential ramifications of the vulnerability, a proof of concept exploit, and if possible insight into a solution. A proper vulnerability report is awarded with a cash reward, if you provide a patch there is usually a reward with that as well.

Not a Vulnerability?

Reporting bugs This section guides you through submitting a bug report for FOSSBilling. Following these guidelines helps maintainers and the community understand your report 📝, reproduce the behavior 💻 💻, and find related reports 🔎.

Before creating bug reports, please check this list as you might find out that you don't need to create one. When you are creating a bug report, please include as many details as possible.

Note: If you find a Closed issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one.

Before Submitting A Bug Report Perform a cursory search to see if the problem has already been reported. If it has and the issue is still open, add a comment to the existing issue instead of opening a new one.

How Do I Submit A (Good) Bug Report?

A Detailed guide can be found in out CONTRIBUTING however if you're still unsure or it's too much to read drop a message on Discord. Sometimes it takes time to respond; please be patient!

There aren’t any published security advisories