Skip to content

Security: varunsridharan/action-envato-publisher

Security

SECURITY.md

Security policy

Note: this policy is new and untested. We’ll update and polish it as we’re receiving security issues.

Scope

If you believe you’ve found a security issue in any software, service, or website governed by varunsridharan, we encourage you to notify us.

There are no hard and fast rules to determine if a bug is worth reporting as a security issue or a “regular” issue. When in doubt, please do send us a report.

How to submit a report

Security issues can be reported by sending an email to [email protected], I acknowledge your email within 48 hours. You will receive a more detailed response within 96 hours.

I will create a maintainer security advisory on GitHub to discuss internally, and when needed, invite you to the advisory.

Preferences

  • Please provide detailed reports with reproducible steps and a clearly defined impact
  • Submit one vulnerability per report
  • Social engineering (such as phishing, vishing, smishing) is prohibited

There aren’t any published security advisories