Support Forum
#supportforum Any doubts or questions on how to use Decidim? Check them with the Community!
Proper way of privately disclosing security issues
I would like to ask what is currently the preferred way of disclosing security issues to the Decidim core team privately.
I cannot find any public information about security-related issues and how to disclose vulnerabilities. This process should be explained, documented and easily discoverable.
3 comments
Conversation with Carol Romero
Hi @ahu, did you not see this in the documentation?
https://github.com/decidim/decidim/blob/master/CONTRIBUTING.md#did-you-find-a-bug
Maybe we should put this security section in the README so it's easier to find?
I would also suggest adding at least a note about this on the Contact page at decidim.org. Preferably a whole new "Security" page there that explains how to report security issues (copied from that document).