This document outlines general security procedures and policies for the Partall list.
Please report security vulnerabilities via the built-in GitHub advisories at https://github.com/Johannes-Andersen/partall/security/advisories/new. You should receive a response within 48 hours. Please allow the vulnerability to be fixed before any public exposure, as this will help protect the users using a fork of the repo.
Within the report of the issue, please provide the following information:
- History of how long the vulnerability existed in the project (e.g. commit version)
- Component(s) affected
- A description of the vulnerability, the impact, and how to reproduce it
- Recommended remediation
- (Optional) Code, screenshots, or videos of the vulnerability (but no executable binaries)
GitHub Security Advisory will be used to communicate during the process of identifying, fixing, and shipping the vulnerability mitigation.
The advisory will only be made public once the patched version is released, to inform the community of the vulnerability and its potential security impact.
The following items are not in scope:
- High-volume attacks, such as overwhelming the service with requests, denial of service (DoS), brute-force attacks, etc.
- Vulnerabilities from old versions of the project
- Spam reports
- Self Cross-Site Scripting (self-XSS), where the payload is supplied by the same user it affects
- Social engineering
- Phishing attempts
- Third-party systems not directly under our control
- Vulnerabilities on the websites in the lists themselves
- Vulnerabilities in the adblockers themselves
- Anti-virus false positives
Unfortunately, I cannot provide compensation for reporting vulnerabilities except for eternal gratitude and a mention in the release notes.
Please let me know if there is anything else I can do to thank you!