Please enable Private Vulnerability Reporting / add a SECURITY.md
Hi,
I have a security finding for postmarks that I'd like to share through a coordinated channel rather than a public issue.
There is currently no SECURITY.md in this repository and Private Vulnerability Reporting is not enabled on GitHub, which means there is no documented private way for researchers to report vulnerabilities.
Could you either:
- Enable Private Vulnerability Reporting for this repository: Settings → Code security and analysis → Private vulnerability reporting → Enable. (GitHub docs)
- Or add a
SECURITY.md with a private contact (e.g., a security email).
Once a private channel is available I will submit the finding straight away with a full PoC, impact analysis, and a proposed patch.
Thanks!
Please enable Private Vulnerability Reporting / add a SECURITY.md
Hi,
I have a security finding for
postmarksthat I'd like to share through a coordinated channel rather than a public issue.There is currently no
SECURITY.mdin this repository and Private Vulnerability Reporting is not enabled on GitHub, which means there is no documented private way for researchers to report vulnerabilities.Could you either:
SECURITY.mdwith a private contact (e.g., a security email).Once a private channel is available I will submit the finding straight away with a full PoC, impact analysis, and a proposed patch.
Thanks!