We take the security of our projects seriously. If you discover a security vulnerability, we appreciate your cooperation in responsibly disclosing it to us.
- Go to https://github.com/upstart-gg/upstart/security
- Click on "Report a vulnerability"
When reporting a vulnerability, please include:
- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- Any relevant logs, screenshots, or proof of concept code.
- Your contact information so we can reach out if we need more details.
We will acknowledge your report within 48 hours and provide a plan for addressing the issue, including an estimated timeline for a fix. We may reach out to you for further information or clarification during the investigation process.
We kindly ask that you:
- Give us a reasonable amount of time to address the issue before disclosing it publicly.
- Avoid using the vulnerability for any malicious purposes.
- Refrain from disclosing the vulnerability to third parties until we have resolved it.
We appreciate your help in keeping our project secure. Your efforts to responsibly disclose vulnerabilities help protect the users of our software and the wider community.
Thank you for contributing to the security of our project.