• DO NOT OPEN A GITHUB ISSUE OR PULL REQUEST (unless following reporting method B).
• REPORT IT PRIVATELY.
• PROVIDE REQUIRED DETAILS (listed bellow).

Only the latest version is supported for security updates.

When reporting a vulnerability (vuln) you must provide at-lest the following:

• Vulnerability type/classification
• Is it a dependency? (true/false)
• Affected component (source file, function or route)
• Impact (what happens when exploited)
• Justify importance (only if the vuln is obscure and has no CWE identifier)
• Impacted version (version number or git commit hash)
• Impacted platforms (windows, mac, linux, openbsd etc)

Recommended including:

• Poof of Concept
• Explanation of attack and how to reproduce
• Patch

If you obtain a CVE for a vulnerability found in this repository please contact me with the CVE identifier.

To report a vulnerability, navigate the Localrelay's Github repository. Here you will find a tab called "security", next privately submit a vulnerability via Github's built in system.

Alternatively, find my contact details are (signed and) provided at https://github.com/go-compile/public-key. However, there is guarantee no I will see your message. Resulting, you are recommended to make a public issue which only asks for my contact information. Do not: (1) make a public issue disclosing the vuln, (2) make a public issue stating there is a vuln.

Full disclosure, opposed to responsible disclosure (privately reporting and awaiting a patch), is ill-advised. Upon notification of a vulnerability (in-private), a patch will be issued with upmost urgency in a timely manor, thus no need for full-disclosure. However, if you do opt for full-disclosure, please still contact me and provide access to the publication material.