Skip to content

Security: Bearer/bearer-rules

Security

SECURITY.md

Security Policy

Reporting a vulnerability

If you think you've found a security vulnerability in bearer, please report it directly by sending an email to [email protected]. Avoid posting any information publicly, such as creating a new issue on GitHub. In your email, please include the following:

  • Describe the vulnerability and it's impact as best you can.
  • Include versions, platforms, or any other system information that may help identify a fix.
  • Include any details on reproducing / confirming the vulnerability, such as the code used to identify the vulnerability.
  • If you have a fix, feel free to include those details.

We will evaluate the vulnerability, contact you for more information if necessary, and release a fix once prepared. You'll be contacted once the vulnerability is confirmed and the mitigation is released. We'll also credit you for the report, if you choose to have your involvement known publicly.

We ask that you don't disclose or discuss the vulnerability publicly until a fix or mitigation path has been released.

There aren’t any published security advisories