If you have discovered a security vulnerability in any of the AristurlteDev projects, please report the vulnerability privately to [email protected]. We ask that you do this privately and allow us a chance to patch the vulnerability and push an update for existing users. After a security vulnerability is reported and verified, our policy is to perform the following:
- Patch the release branch of the repository in question to eliminate the vulnerability
- Issue a new security fix release of the current version
- Issue a public statement through the following channels
- If the project has a public website, a statement will be issued on the home page of the site for the project
- If the project has a discord server, a statement will be issued on the discord server of the project.
- A public statement will be issued on the AristurlteDev Twitter account.
Please report any security vulnerabilities privately to [email protected]. Once reported, we will work with you on verifying the vulnerability.
When reporting a security vulnerability, please provide the following information. You can copy/paste the following as a template
1. The name of the project or GitHub repository that contains the security vulnerability.
2. A description of the vulnerability
3. Steps that can be used to recreate the vulnerability.
4. Any additional information you may think is relevant (no matter how small).