Version | Supported |
---|---|
1.x.x | ❌ |
< 1.0.0 | ✅ |
In order to report a security vulnerability in safe manner, please send an email to [email protected] with the subject line: ri2p Security Vulnerability Found
The body of the email should contain information such as; ri2p version number, steps to reproduce the vulnerability (if there are any), a potential change to the codebase to remove the security vulnerability, system information (such as OS), etc.
You should expect to receive a response to your inquiry within 48 business hours, although this number will be closer to "within 24 business hours" in most cases.
If your security vulnerability is accepted, then you will be notified accordingly and work will begin to remedy the situation.
If your security vulnerability is not accepted, then you will be notified accordingly and no further actions will be asked of you.