I'm fine with all bugs/security issues being reported publicly. However, if the reporter would like to report them privately, I'm fine with that as well. I will update the documentation to reflect that.
-
Today I wanted to report a possible security issue with Rodauth.
In order to do Responsible Disclosure, I was looking for a prescribed way to do so.
However, there is no official Security Policy, no mention in the readme or anything on the public website.
So I just sent an email to the address that is mentioned in the Readme. 🤷
I think there should be a basic Security Policy, with at the bare minimum a description of how to disclose security issues.
I think that is especially important as this is an authentication framework.
Happy to help with establishing this if desired.