We treat security reports at the highest priority level. This means that we attempt to fix them as quickly as possible. We will release a beta or hotfix for any major security report found in the most recent stable version of Campus App by AStA RUB.
To report a vulnerability, please use a GitHub Security Advisory with a description of the problem, the steps you took to reproduce it, the affected versions and any known mitigations.
We should reply within seven working days, probably much sooner.
We use GitHub's Security Advisory feature to track open security reports. You should expect a close collaboration as we work to resolve the security vulnerability you have reported. Please reach out to [email protected] if you do not receive prompt attention and regular updates.
You may also reach out via Discord; however, please use the GitHub Security Advisory when reporting a vulnerability, and avoid revealing information about vulnerabilities in public if that could put users at risk.
If you believe that an existing GitHub issue is security-related, we ask that you send an email to [email protected]. The email should include the GitHub issue ID and a short description of why it should be handled as security-related.
We prefer all communications to be in English or German.
We will create a public "Hall of Fame" for all security researchers who support us!