The go-httpbin project takes security issues seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
To report a security vulnerability, please follow these steps:
-
Do not disclose the vulnerability publicly on GitHub issues, discussions, or elsewhere.
-
Submit your report via this repo's New Security Issue page, using GitHub's built-in security advisory feature
-
Please include the following information in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any potential solutions you may have identified
-
You will receive an acknowledgment of your report through GitHub's security advisory system.
-
We will investigate the issue and provide updates on our progress through the advisory. We may ask for additional information or guidance.
-
Once the issue is resolved, we will publicly acknowledge your contribution (unless you prefer to remain anonymous).
This security policy applies to the latest release of go-httpbin. For older versions, please consider upgrading to the latest release.
go-httpbin is a personal side project. While we take security seriously, please understand that response times may vary based on the severity of the reported issue and maintainer availability.
Thank you for helping keep go-httpbin and its users secure!