2025-05-11 08:41:38 +02:00
|
|
|
# Security Reporting
|
|
|
|
|
|
|
|
|
|
If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report.
|
|
|
|
|
|
|
|
|
|
## Reporting
|
|
|
|
|
|
|
|
|
|
To report a security vulnerability, please provide the following information:
|
|
|
|
|
|
|
|
|
|
1. **PROJECT**
|
2025-05-11 11:48:03 -07:00
|
|
|
|
|
|
|
|
- Include the URL of the project repository - Example: <https://github.com/fish-shell/fish-shell>
|
2025-05-11 08:41:38 +02:00
|
|
|
|
|
|
|
|
2. **PUBLIC**
|
2025-05-11 11:48:03 -07:00
|
|
|
|
|
|
|
|
- Indicate whether this vulnerability has already been publicly discussed or disclosed.
|
|
|
|
|
- If so, provide relevant links.
|
2025-05-11 08:41:38 +02:00
|
|
|
|
|
|
|
|
3. **DESCRIPTION**
|
2025-05-11 11:48:03 -07:00
|
|
|
- Provide a detailed description of the security vulnerability.
|
|
|
|
|
- Include as much information as possible to help us understand and address the issue.
|
2025-05-11 08:41:38 +02:00
|
|
|
|
2025-05-11 11:48:03 -07:00
|
|
|
Send this information, along with any additional relevant details, to <rf@fishshell.com>.
|
2025-05-11 08:41:38 +02:00
|
|
|
|
|
|
|
|
## Confidentiality
|
|
|
|
|
|
|
|
|
|
We kindly ask you to keep the report confidential until a public announcement is made.
|
|
|
|
|
|
|
|
|
|
## Notes
|
|
|
|
|
|
2025-05-11 11:48:03 -07:00
|
|
|
- Vulnerabilities will be handled on a best-effort basis.
|
|
|
|
|
- You may request an advance copy of the patched release, but we cannot guarantee early access before the public release.
|
|
|
|
|
- You will be notified via email simultaneously with the public announcement.
|
|
|
|
|
- We will respond within a few weeks to confirm whether your report has been accepted or rejected.
|
2025-05-11 08:41:38 +02:00
|
|
|
|
|
|
|
|
Thank you for helping to improve the security of our project!
|
