If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report.
| Version | Supported |
|---|---|
| 1.x.x | Yes |
Preferred: Email the information below to janderssonse@proton.me
To report a security vulnerability, please provide the following information:
- PROJECT
- Include the URL of the project repository - Example: https://github.com/itiquette/gommitlint-action
- PUBLIC
- Indicate whether this vulnerability has already been publicly discussed or disclosed.
- If so, provide relevant links.
- DESCRIPTION
- Provide a detailed description of the security vulnerability.
- Include as much information as possible to help us understand and address the issue.
We kindly ask you to keep the report confidential until a public announcement is made.
- Vulnerabilities will be handled on a best-effort basis.
- You may request an advance copy of the patched release, but we cannot guarantee early access before the public release.
- You will be notified via email simultaneously with the public announcement.
- We will respond within 2 weeks to confirm whether your report has been accepted or rejected.
Thank you for helping to improve the security of gommitlint-action!