Commit

Update SECURITY.md
radex authored Jun 1, 2020
1 parent f863878 commit 56c1ed6
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions SECURITY.md
Expand Up @@ -3,3 +3,11 @@
If you believe you've found a security vulnerability in WatermelonDB, let us know right away.

More details on how to responsibly disclose issues: https://nozbe.com/bug-bounty/

## How WatermelonDB reports security vulnerabilities

If vulnerabilities are found, we'll post security advisories via GitHub once a confirmed patch is available.

We may choose to send a heads-up to a select list of higher-profile projects/organizations to alert them about a vulnerability before the public. Inclusion into this list is entirely at our own discretion. If we do send a heads-up before a public patch, we'll include the least amount of detail possible - only enough to work around an issue.

If we determine that it's in the best interest of all WatermelonDB users, we may choose to advise users to update to a new version of WatermelonDB or apply a workaround without revealing all details about the vulnerability. This may happen if we believe there's a very serious issue that's easy to patch but difficult to discover. If we do so, we will post a detailed explanation after a few weeks.
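
Review bot: The last added paragraph promises "a detailed explanation after a few weeks" with no upper bound, so users who are asked to update without details cannot tell when the full write-up is due; consider stating a maximum, for example "within N weeks of the patched release". In the heads-up paragraph, the notice goes out "before a public patch" and contains "enough to work around an issue", yet the text does not say whether recipients must keep it confidential; add a sentence that pre-disclosure notices are under embargo until the advisory is published. The first added paragraph could also link the place where "security advisories via GitHub" will appear, so readers know where to watch.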
