
Security: SjnExe/AddonExe

.github/SECURITY.md

Security Policy

The AddonExe team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to address them in a timely manner.

Reporting a Vulnerability

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report vulnerabilities using one of the following methods:

  1. GitHub Private Vulnerability Reporting (Preferred): If you have a GitHub account, you can privately report a vulnerability directly on GitHub. This is the most secure and preferred method. Go to the "Security" tab of the AddonExe repository and click on "Report a vulnerability." This will allow you to submit a detailed report directly to the project maintainers.

  2. Email: If you prefer, you can send an email to [email protected]. Please use a clear subject line, such as "Security Vulnerability Report: AddonExe".

What to Include in Your Report

When reporting a vulnerability, please include as much detail as possible to help us understand and address the issue effectively:

  • Type of vulnerability: (e.g., Remote Code Execution, Data Exposure, Denial of Service, Bypass of a specific check)
  • Description of the vulnerability: A clear explanation of the issue and its potential impact.
  • Steps to reproduce: Detailed instructions on how to reproduce the vulnerability. This may include specific configurations, commands, or interactions.
  • Affected version(s): Specify which version(s) of the AddonExe are affected. If possible, test against the latest release.
  • Proof of Concept (PoC): If possible, provide a simple PoC (code, commands, or a detailed explanation) that demonstrates the vulnerability.
  • Your name or alias for acknowledgment (optional): Let us know if you'd like to be credited for your discovery.

Our Commitment

When you report a vulnerability to us:

  1. Acknowledgment: We will acknowledge receipt of your vulnerability report within 48-72 hours.
  2. Investigation: We will investigate the reported vulnerability to understand its scope and impact. We may contact you if we need further information.
  3. Resolution: If the vulnerability is confirmed, we will work on a fix as quickly as possible. The timeline for a fix will depend on the complexity and severity of the issue.
  4. Disclosure: Once a fix is available and has been deployed (e.g., in a new release), we may publicly disclose the vulnerability, often with credit to the reporter (if requested). The timing and details of public disclosure will be coordinated to minimize risk.

Scope

This security policy applies to the AddonExe itself. If you find a vulnerability in Minecraft Bedrock Edition or any third-party libraries used by the addon, please report it to the respective maintainers.


We value the work of security researchers and the community in helping us keep the AddonExe secure. Thank you for your contributions!
