If you believe you have found a security vulnerability in the fedora-messaging project, please follow these steps:
-
Do not create a public GitHub issue. This could expose the vulnerability to malicious actors.
-
Create a security advisory. If the maintainers are unresponsive, or if the vulnerability is critical, create a security advisory on GitHub. Follow the GitHub Security Advisory guidelines for creating a private advisory.
-
Cooperate with maintainers. Work with the project maintainers to address and verify the vulnerability. This may involve providing additional information or assisting in testing patches.
The project is committed to addressing security vulnerabilities in the latest stable release. If your report relates to an older version, it may not be eligible for a security update. However, we still appreciate the report and will evaluate the severity and impact.
We kindly request that security researchers follow responsible disclosure practices. This includes giving us a reasonable amount of time to address and fix the issue before making it public. We are committed to working with you to understand and resolve the problem promptly.
Thank you for your contributions to the security of fedora-messaging!