Skip to content

Security: Glimesh/glimesh_app

Security

SECURITY.md

Security Policy

Thank you for helping keep Glimesh safe and secure! Since Glimesh is open source we rely on contributors like yourself to responsibly disclose bugs and vulnerabilities. By doing so you help us build a better platform for our users and other users of our open source repositories.

We ask that all researchers:

  • Avoid privacy violations, degradations of user experience, disruption of production systems, or destruction of data and other user content during security testing;
  • Use the specified communication channels to report vulnerability information to us;
  • Report vulnerabilities as soon as you discover them; and
  • Keep information about any vulnerabilities you’ve discovered confidential between yourself and Glimesh until we’ve had 90 days to resolve the issue.

If you follow these guidelines when reporting an issue to us, we commit to:

  • Not pursue or support any legal action related to your research;
  • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission).

Reporting a Vulnerability

If you believe you’ve found a security vulnerability in one of our products or platforms, please email it to us at [email protected].

Please provide detailed reports of the potential vulnerability with reproducible steps. If a report is not detailed enough to reproduce the issue, it will not be eligible for a bounty. We also ask you to cite references and not to copy/paste entire reports. Reports copied entirely or mostly from elsewhere will not be eligible for a bounty.

We especially appreciate reports containing the affected code from our GitHub repository, and possibly even patches, and we encourage you to test our platform locally. That way you can test all sorts of payloads to your heart's content.

Thank you for making Glimesh a safer place.

There aren’t any published security advisories