Reporting a vulnerability

[iarce-qb]

Hi

By looking at the project's activity page it seems that currently it is not actively maintained.

Is there a specific way to report security bugs in the project or should I just open issues ?

[andre-d]

This repository is unmaintained. However, is the issue with a dependency version being out of date or is it with this codebase? If with this codebase feel free to make an issue so that if someone is using this project they may see it. If this issue is with a dep version the unmaintained nature of the project likely covers that.

…

On Mon., Jan. 25, 2021, 10:46 a.m. iarce-qb, ***@***.***> wrote: Hi By looking at the project's activity page it seems that currently it is not actively maintained. Is there a specific way to report security bugs in the project or should I just open issues ? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#75>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFOLMRAT6NYEK3ITSTXPMDS3WG3PANCNFSM4WR6HBPA> .

[k3d3]

This repo has been left unmaintained for a while, but I don't mind making security fixes whether it's dependency-related or not.

In either case, I don't believe we have a working email for security notices at the moment, so for now it's best to make a new issue for it.