I'm fine with all bugs/security issues being reported publicly. However, if the reporter would like to report them privately, I'm fine with that as well. I will update the documentation to reflect that.
-
Today I wanted to report a possible security issue with Rodauth.
In order to do Responsible Disclosure, I was looking for a prescribed way to do so.
However, there is no official Security Policy, no mention in the readme or anything on the public website.
So I just sent an email to the address that is mentioned in the Readme. 🤷
I think there should be a basic Security Policy, with at the bare minimum a description on how to disclose security issues.
I think that is especially important as this is an authentication framework.
Happy to help with establishing this if desired.