If you think you've found a security vulnerability in berryjam, please report it directly by sending an email to security@berryjam.dev. Avoid posting any information publicly, such as creating a new issue on GitHub.
In your email, please includes as much of the information listed below as you can to help us triage your report, better understand and resolve the issue:
-
The type of issue (e.g., dependencies security risk)
-
The location of the affected source code (tag/branch/commit or direct URL)
-
Step-by-step instructions to reproduce the issue
-
If you have a fix, feel free to include those details.
We will evaluate the vulnerability, contact you for more information if necessary, and release a fix once prepared. We will reach out to you once the vulnerability is confirmed and the mitigation is released. We'll also credit you for the report, if you choose to have your involvement known publicly.
We kindly ask that you don't disclose or discuss the vulnerability publicly until a fix or mitigation path has been released.