At r2r-protocol, we take the security of our project and its users seriously. We appreciate the contributions of security researchers and developers in helping us identify and address potential vulnerabilities.
If you discover a potential security vulnerability in r2r-protocol, please follow these steps to report it:
- Create a new issue on the GitHub repository using the "Vulnerability Disclosure" issue template.
- Set the issue as "confidential" if you are unsure whether the issue is a potential vulnerability or not. It is easier to make a confidential issue public than to remediate an issue that should have been confidential.
- Label the issue with the "security" label at a minimum. Additional labels may be applied by the security team and other project maintainers to assist with the triage process.
- Provide a detailed description of the vulnerability, including steps to reproduce, potential impact, and any other relevant information.
- If the issue contains sensitive information or user-specific data, such as private repository contents, assign the "keep confidential" label to the issue. If possible, avoid including such information directly in the issue and instead provide links to resources that are only accessible to the project maintainers.
This security policy applies to the r2r-protocol codebase and its dependencies. It does not cover vulnerabilities in the underlying operating systems, hardware, or third-party libraries used by r2r-protocol.
We greatly appreciate the efforts of security researchers and developers who responsibly disclose vulnerabilities to us. With your permission, we will acknowledge your contribution in the release notes and any public disclosures related to the vulnerability.
If you have any questions or concerns regarding the security of r2r-protocol, please contact us at rajkumar.rawal@techparivartan.com.np. We will respond to your inquiry as soon as possible.
Thank you for helping us keep r2r-protocol and its users secure!