Responsible Vulnerability Disclosure

We believe that responsible security research and disclosure help us continually improve how we keep our members and users secure.

Vulnerability Response

Vulnerability Reporting

Please report potential security vulnerabilities to us via the email address for vulnerability reporting. When submitting a report, we ask that you include the following information:

  • Contact information of the reporter (email address)
  • Name and version of the software containing the vulnerability
  • Detailed description of the vulnerability
  • Steps required to reproduce the issue

Scope of Vulnerability Reporting

Vulnerability reporting is limited to the software managed in the following repository:

Vulnerability Response Process

The vulnerability response process consists of the following 4 steps:

1. Report Acknowledgment

We will respond to the reporter within 7 days of receiving the vulnerability report to acknowledge that we have received it.

2. Vulnerability Investigation

We will investigate the impact of the vulnerability on the software. The investigation results will be shared with the reporter.

3. Mitigation Preparation

Depending on the nature of the vulnerability, we will prepare the following measures:

  • Fix: Patches, fixes, etc. to remove or mitigate the vulnerability.
  • Workaround: Actions to reduce the impact if the vulnerability is exploited, etc.

4. Security Advisory Publication

We will publish the security advisory. The publication timing will be shared in advance with the reporter.