-
Notifications
You must be signed in to change notification settings - Fork 652
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to get in touch regarding a security concern #2935
Comments
@JamieSlome, thanks for the nudge to create a security policy. It is now in place and you can e-mail [email protected] with your inquiry. |
@asbjornu - awesome, you should receive an e-mail shortly! Otherwise, you can view the private report directly here: https://huntr.dev/bounties/11348026-ad4d-4dc7-ab7b-2273f9b2a40d/ It is only visible to maintainers with write access to the repository (BTW). |
Thanks for reporting this! While I agree that this may be a problem, I'm not sure how this can be exploited in GitVersion to actually cause a ReDoS. Can you please elaborate?
|
@dwisiswant0 - can you please address the above? |
I've replied in https://huntr.dev/bounties/11348026-ad4d-4dc7-ab7b-2273f9b2a40d/ as well, so please follow up there. |
🎉 This issue has been resolved in version 5.8.2 🎉 Your GitReleaseManager bot 📦🚀 |
@dwisiswant0 - please see the above + the maintainers comments on the report 👍 |
Hey there!
I belong to an open source security research community, and a member (@dwisiswant0) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: