At Camsol we take the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.
If you believe you have found a security vulnerability in any Camsol-owned repository or projects/applications, please report it to us as described below:
- Please do not report security vulnerabilities through public GitHub issues.
- Instead, please report them to our Security Control Center at Camsol Security Control Center
- Or make use of our security support staff mailing service via mail@camsol.io
Please use the following format to help us best understand the nature and scope of the issue. Feel free to add extra details where needed.
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue or images from the application
- The location of the affected source code (tag/branch/commit or direct URL) in case of a public repo
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
Issues or security vulnerabilities reported in the above format will help us track down the issue more quickly and even aid in the process of debugging the application.
After making the report, you will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible, depending on complexity, but historically within a few days.