Our goal is to ensure that security issues are addressed promptly and securely, minimizing the risk to our users.
If you believe you have found a security vulnerability in Umamin, please follow these steps:
-
Do Not Open a Public Issue:
- Do not open a public issue on the repository to report the vulnerability. Public issues can inadvertently expose sensitive details to the broader community before we have a chance to address them.
-
Do Not Submit a Pull Request:
- Do not submit a pull request with a fix for the vulnerability until you have consulted with us. This ensures we can review and address the issue appropriately before making any changes public.
-
Contact Us Directly:
- Email us at [email protected] or [email protected] with the details of the vulnerability. Please include as much information as possible to help us understand and reproduce the issue.
-
Open a Draft Security Advisory:
- If you prefer to use GitHub for reporting, open a draft security advisory from the issue template "Report a security vulnerability". If you've already fixed the vulnerability, fill out the draft security advisory and then publish it.
- We will acknowledge your report within 5 days.
- We may reach out to you for further information or clarification during this process.
- Once the vulnerability has been addressed, we will disclose the issue publicly (and credit you with your consent).
We appreciate your help in keeping Umamin secure and thank you for following these guidelines to report security vulnerabilities responsibly.