The Vineyard community takes all security bugs seriously. Thank you for improving the security quality of vineyard. We adopt a private disclosure process for security issues.
If you find a bug, a security vulnerability or any security related issues, please DO NOT file a public issue. Do not create a Github issue. Instead, send your report privately to security@v6d.io. Security reports are greatly appreciated and we will publicly thank you for it.
Please provide as much information as possible, so we can react quickly. For instance, that could include:
- Description of the location and potential impact of the vulnerability;
- A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us)
- Whatever else you think we might need to identify the source of this vulnerability
One of our maintainers will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the maintainers will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.