The following file contains information on how to report security breaches in pip-rating. A security flaw is a bug that can be exploited to compromise the security of the system. To report bugs that do not compromise security, report using an issue.
Currently pip-rating only supports the latest version available. If you find a security flaw in a previous version, please report it, but we don't guarantee that it will be fixed with a patch version. However, we will report it to the users of the previous version. If the flaw is in the latest version, we will fix it as soon as possible.
To report a vulnerability, please send an email to security [at] nekmo.com with the following information:
- A description of the vulnerability.
- The version of pip-rating affected.
- The steps to reproduce the vulnerability.
- The possible impact of the vulnerability.
We will try to answer you as soon as possible, but we cannot guarantee a response time. If your vulnerability is accepted, we will contact you to keep you informed of the progress of the solution. If it is rejected, we will also contact you to explain the reasons. If you do not receive a response within a reasonable time, please contact us again.
All the people who report a vulnerability will be mentioned in the changelog of the version in which it is fixed, unless they request otherwise. If you want to remain anonymous, please indicate it in the email.