LATEST only
Thank you for contributing to the security of this project. We take the protection of our users and the integrity of the code very seriously. Below you will find information on how to report vulnerabilities responsibly.
-
Email: Send us a message at bwtsafedevstests@proton.me describing the vulnerability in detail.
-
Security Issue/Form: If you prefer, you can open an issue with the label security (or use the "Vulnerability Report" template we have enabled) in this repository.
-
Required Information:
- Detailed description of the vulnerability.
- Steps to reproduce it (if applicable).
- Possible impact or scope.
- Any suggestions on how we could mitigate or fix the issue.
Important: If the vulnerability is severe, we recommend that you contact us directly by email rather than opening a public issue.
-
Acknowledgment: We will respond within a maximum of [NUMBER] business days, confirming that we have received your report.
-
Investigation: We will evaluate the report and conduct internal tests to determine the validity and severity of the vulnerability.
-
Updates: We commit to keeping you informed about the progress, approximately every [NUMBER] days, or sooner if there are significant updates.
-
Accepted Vulnerability: If the vulnerability is confirmed, we will work on a solution or patch. We will notify you when the fix is ready and will publicly acknowledge your report (if you wish).
-
Rejected Vulnerability: If we determine that there is no vulnerability or that it does not critically affect the project, we will communicate this along with our reasoning. We still appreciate your cooperation.
We ask that you do not publicly disclose the details of the vulnerability until we have had the opportunity to investigate it and release a fix, if applicable. Keeping this information private helps protect users from potential attacks.
We are extremely grateful to anyone who takes the time to investigate and report security issues. Your contribution helps us keep the project and community safe.