Thank you for helping keep xdB and its users safe. This document outlines our approach to security vulnerabilities and how you can report a potential issue.
If you believe you have discovered a security vulnerability, please adhere to the following steps:
- Do Not Disclose Publicly: Do not publish the vulnerability or details about it in public forums, GitHub issues, or social media.
- Email Us Directly: Send an email to our security team at jakub@jsle.eu with the following details:
  - A clear and detailed description of the vulnerability.
  - Steps to reproduce the issue.
  - The impact of the vulnerability.
  - Any suggested remediation if known.
- Acknowledgement: We will acknowledge receipt of your report within 48 hours.
- Investigation: Our team will investigate the reported vulnerability as soon as possible.
- Resolution: We will work to resolve the issue promptly. You may be credited in the release notes if you wish.
- Confidentiality: We will keep your report confidential during the investigation process.
Once the vulnerability has been fixed, we will disclose the details through a public advisory. The timing of this disclosure will be coordinated with the responsible parties.
Thank you for your efforts to keep our project safe!