If you discover a vulnerability in CSTL, we encourage you to report it to us as soon as possible to ensure it can be addressed promptly. Here’s how to report a vulnerability:
-
Where to Report:
- Please report vulnerabilities by emailing security@cstl-project.org.
- Include a detailed description of the vulnerability, including the affected versions, how to reproduce the issue, and any potential impact.
-
Response Time:
- You can expect an acknowledgment of your report within 48 hours.
- We will provide updates on the investigation and remediation progress every 5 business days.
-
What to Expect:
- If the vulnerability is confirmed, we will work on a fix and release a patch as soon as possible.
- If the vulnerability report is declined, we will provide an explanation and discuss possible next steps with you.
-
Confidentiality:
- We ask that you keep the details of any potential vulnerability confidential until it has been addressed and an official fix is released.
We appreciate your help in keeping CSTL safe and secure for everyone!