
SECURITY.md


Security Policy

This document contains information on how to report security vulnerabilities in cornflow and how security issues reported to the cornflow development team are handled.

Please do not file GitHub issues for security vulnerabilities as they are public!

The cornflow development team takes security issues very seriously. If you have any concern around cornflow security or believe you have uncovered a vulnerability, we suggest that you get in touch via the e-mail addresses cornflow@baobabsoluciones.es and seguridad@baobabsoluciones.es.

Before sending the report, however, please read the following guidelines first. The guidelines should answer the most common questions you might have about reporting vulnerabilities.

What should be and should NOT be reported?

Only use the security e-mail address to report undisclosed security vulnerabilities in cornflow and to manage the process of fixing such vulnerabilities. We do not accept regular bug reports or other security-related queries at this address. We will ignore mail sent to this address that does not relate to an undisclosed security problem in the cornflow project. Please follow regular communication channels for inquiries, questions and other discussions related to the process or issues.

Specifically, we will ignore results of security scans that contain a list of dependencies of cornflow with dependencies in the cornflow Docker reference image.

How to report the issue?

Please send one plain-text email for each vulnerability you are reporting including an explanation of how it affects cornflow security. We may ask that you resubmit your report if you send it as an image, movie, HTML, or PDF attachment when you could as easily describe it with plain text.