Do not open a public issue for security vulnerabilities.
If you discover a security vulnerability in any DDS project, please report it responsibly:
- Email: nicolas.gimenez@zkorum.com
- GitHub: Use GitHub's private vulnerability reporting on the affected repository.
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
- Acknowledgment: within 7 days
- Assessment: within 21 days
- Fix or mitigation: as soon as reasonably possible after assessment
We practice coordinated disclosure. We'll work with you to understand and fix the issue before any public disclosure. We credit reporters unless they prefer to remain anonymous.
For bugs that aren't security-sensitive, please use the regular issue tracker. See CONTRIBUTING.md for details.