Skip to content

Please set up SECURITY.md with method for reporting security vulnerabilities #441

Description

@tballison

Is your feature request related to a problem? Please describe.
I'm not sure how to report security vulnerabilities privately.

Describe the solution you'd like
A page that describes how to report security vulnerabilities

Describe alternatives you've considered
I tried email and got no response. Private email is not a great option, I realize. So I'm left with hoping or forking... neither one of which is really a great option. Or, just opening up PRs that point out the problems.

Additional context
I have a few low severity DoS vulns to report. I'd like to get these fixed before we release our next version of Apache Tika that includes an integration with commonmark-java.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions