[
https://issues.apache.org/jira/browse/FINERACT-1042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18024108#comment-18024108
]
Adam Monsen commented on FINERACT-1042:
---------------------------------------
For posterity: instructions on how to properly report a security vulnerability
now appear coherently in the following places:
* in the top-level README under the "SECURITY" header
* https://fineract.apache.org#contribute
* https://fineract.apache.org/docs/current/#_security
> Add Information in Readme to report Security vulnerabilities
> -------------------------------------------------------------
>
> Key: FINERACT-1042
> URL: https://issues.apache.org/jira/browse/FINERACT-1042
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Manthan Surkar
> Assignee: James Dailey
> Priority: Major
> Labels: technical
>
> Fineract may have a hidden security vulnerability, which cannot be disclosed
> publically by making a Jira issue or mailing on the list (since it may affect
> current users). Should we add a contact email and information on how to
> handle this in the readme? I tried to find if we are already doing this(I
> could not find any).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
