This document outlines the security policy and threat model for the WebdriverIO project.
The WebdriverIO team and community take all security vulnerabilities seriously. If you believe you have found a security vulnerability in WebdriverIO, please report it to us as described below.
DO NOT report security vulnerabilities through public GitHub issues.
Please contact us security@webdriver.io with a description of the vulnerability and steps to reproduce it. You should receive a response within 48 hours. If for some reason you do not, please follow up via the same email to ensure we received your original message.
For individual threat model analysis, please refer to the SECURITY.md file of a specific repository in this organisation, e.g.: