Hello,
I am currently studying the source code of this project with a focus on security.
While I have not identified any vulnerabilities yet, I noticed that this repository does not currently have Private Vulnerability Reporting enabled. Without this feature, security researchers often face a dilemma: posting a potential exploit in a public issue (which puts users at risk) or struggling to find the correct contact email.
I highly recommend enabling the "Private vulnerability reporting" feature provided by GitHub.
This feature allows researchers to report security issues directly to the maintainers within GitHub's UI, keeping the details private until a patch is ready. It creates a safe channel for collaboration without exposing the vulnerability to the public.
Setting this up beforehand would be very helpful for me (and other researchers) to responsibly report any findings in the future.
Thank you for your hard work on this project!
Hello,
I am currently studying the source code of this project with a focus on security.
While I have not identified any vulnerabilities yet, I noticed that this repository does not currently have Private Vulnerability Reporting enabled. Without this feature, security researchers often face a dilemma: posting a potential exploit in a public issue (which puts users at risk) or struggling to find the correct contact email.
I highly recommend enabling the "Private vulnerability reporting" feature provided by GitHub.
This feature allows researchers to report security issues directly to the maintainers within GitHub's UI, keeping the details private until a patch is ready. It creates a safe channel for collaboration without exposing the vulnerability to the public.
Setting this up beforehand would be very helpful for me (and other researchers) to responsibly report any findings in the future.
Thank you for your hard work on this project!