mirror of
https://github.com/pmmp/PocketMine-MP.git
synced 2025-02-24 12:05:10 +00:00
27 lines
1.3 KiB
Markdown
27 lines
1.3 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
**DO NOT report vulnerabilities on the GitHub issue tracker.**
|
|
GitHub is public and anyone can see the issues you post on the issue tracker, including people who would exploit vulnerabilities for their own gain.
|
|
|
|
**WARNING: You may put live servers at risk by reporting a vulnerability on the GitHub issue tracker.**
|
|
|
|
**Contact us** by sending an email to [**security@pmmp.io**](mailto:security@pmmp.io). Include the following information:
|
|
|
|
- Version of PocketMine-MP
|
|
- Detailed description of the vulnerability (e.g. how to exploit it, what the effects are)
|
|
- Your GitHub username, if you wish to be credited for reporting the problem in the security advisory
|
|
|
|
Please note that we can't guarantee a reply to every email.
|
|
|
|
## FAQ
|
|
### Do you offer a bug bounty?
|
|
No.
|
|
|
|
### How soon can I expect a fix for a vulnerability I've reported?
|
|
This depends on the nature of the problem. We can't provide any general ETA (nor would it be wise to provide one).
|
|
In general, it depends on when developers have time to look into the problem, how complex the problem is to fix, and how many users it impacts.
|
|
|
|
When a fix for a severe vulnerability is pushed, a patch release for the target version will usually be released within 24 hours so that users can update.
|