Hi team,
Your SECURITY.md instructs reporters to submit vulnerabilities via GitHub's security advisory system:
Submit your vulnerability via this link
However, private vulnerability reporting is not currently enabled on this repository, so that link returns a 403 error for external reporters.
Could you enable it? The setting is under Settings > Code security > Private vulnerability reporting.
GitHub docs: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
This would allow security researchers to report issues through your preferred channel as documented. I've fallen back to the email address mentioned in SECURITY.md for now, but having the advisory system working would streamline the process.
Thanks!