Security: rafmavrogordatos/FOSSBilling

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.4.x
0.3.x
0.2.x
0.1.x

Reporting Vulnerabilities

To report a vulnerability, please make a submission on Huntr.dev. Their website should give you a good idea of how to write a good vulnerability report. It's important to make the submission there because it keeps the vulnerability private, which helps ensure it can't be exploited while a patch is in the works.

If you have a suggestion that is related to security but not an actual exploit, then creating an issue on GitHub is a suitable place.

Usually a good report should include which file(s) have the exploit, how the vulnerability could be exploited, the potential ramifications of the vulnerability, a proof of concept exploit, and, if possible, insight into a solution. A proper vulnerability report is awarded a cash reward; if you provide a patch, there is usually a reward for that as well.

Not a Vulnerability?

Reporting bugs

This section guides you through submitting a bug report for FOSSBilling. Following these guidelines helps maintainers and the community understand your report 📝, reproduce the behavior 💻, and find related reports 🔎.

Before creating bug reports, please check this list as you might find out that you don't need to create one. When you are creating a bug report, please include as many details as possible.

Note: If you find a Closed issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one.

Before Submitting A Bug Report

Perform a cursory search to see if the problem has already been reported. If it has and the issue is still open, add a comment to the existing issue instead of opening a new one.

How Do I Submit A (Good) Bug Report?

A detailed guide can be found here: CONTRIBUTING. However, if you're still unsure or it's too much to read, drop a message on Discord. Sometimes it takes time to respond; please be patient!

There aren’t any published security advisories