Your security is of utmost importance to us. This document outlines the steps to report vulnerabilities, our commitment to addressing security concerns, and the guidelines for responsible disclosure.
If you discover any security vulnerabilities or have concerns related to our plugin, please report them to our security team immediately. You can reach us by sending an email to dev@zapal.tech. We appreciate your responsible disclosure and will act swiftly to address the issue.
Our security policy covers the plugin hosted in this repository and its associated codebase. It also extends to any supporting infrastructure related to the plugin.
We value the security research community and recognize the importance of responsible disclosure. We commit to the following:
- Treating all reports with strict confidentiality.
- Acknowledging your report within a reasonable timeframe.
- Providing regular updates on the status of the issue.
- Not disclosing your findings without your explicit consent, except where disclosure is required by law.
When reporting a vulnerability, please provide as much information as possible to help us understand and reproduce the issue. This may include:
- A detailed description of the vulnerability, including the affected component.
- Steps to reproduce the vulnerability.
- The version of the plugin and other relevant software.
- Any proof-of-concept (PoC) code, if available.
Upon receiving your report, we will:
- Verify the reported vulnerability and its severity.
- Work to address the issue promptly.
- Keep you informed of our progress and the estimated timeline for resolution.
We are committed to regularly reviewing and updating our security measures. As such, we may issue security patches, updates, or new releases as needed to address vulnerabilities or enhance security.
Your cooperation and responsible disclosure contribute to a safer and more secure environment for all users of our plugin. We greatly appreciate your efforts in helping us maintain the integrity and security of our software.