Security has a high priority or this project. If you discover a security issue, please report it right away!
If you believe you have found a security vulnerability in this project, please report it privately. Do not file a public issue and do not otherwise disclose the vulnerability before it has been fixed.
You can [https://github.com/s-hamann/desec-dns/security/advisories/new](report a vulnerability) on GitHub.
Alternatively, you may send an email to [email protected]. If
possible, please use PGP
(key)
to encrypt the email and provide your own public PGP key for encrypted
communication.
Please include all information that seems relevant in your initial report, typically including
- a description of the issue,
- steps to reproduce it, including any special setup requirements,
- if possible, proof-of-concept (PoC) code and
- the impact of the vulnerability.
If you identified the vulnerable code section or have a suggestion on how to fix it, please include that information as well. Preferably use GitHub's temporary private fork if you want to submit a fix yourself.
You should receive a response within a few days. If for some reason you do not, please follow up with an email.
We aim to resolve any security issues as quick as possible. However, depending of the complexity and available free time, it may take several days.
Please follow Responsible Disclosure/Coordinated Vulnerability Disclosure principles and do not publicly disclose any vulnerabilities before a fix has been released (or after 90 days, in the unexpected case that no fix gets released).
Thank you for your help keeping this project secure!