mirror of
https://github.com/directus/directus.git
synced 2026-01-25 12:07:56 -05:00
13 lines
900 B
Markdown
# Reporting Security Vulnerabilities

**If you believe you have discovered a security issue within a Directus product or service, please reach out to us
directly over email: [security@directus.io](mailto:security@directus.io).** We will then open a
[GitHub Security Advisory](https://github.com/directus/directus/security/advisories) for tracking the fix.

Directus values the members of the independent security research community who find security vulnerabilities and work
with our team so that proper fixes can be issued to users. Our policy is to credit all researchers in the fix's release
notes. In order to receive credit, security researchers must follow responsible disclosure practices, including:

- They do not publish the vulnerability prior to the Directus team releasing a fix for it
- They do not divulge exact details of the issue, for example, through exploits or proof-of-concepts