If you believe you have found a security vulnerability in UrbanTree, our backend systems, services we use, or anything that may compromise the security the integrity and well-being of our platform, please report it to us through coordinated disclosure.
Warning
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, email us at urbantree[@]iesmontsia.org and include the word "SECURITY" in the subject line.
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
- The type of issue (e.g. cross-site scripting, SQL injection, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
Once submitted, your report will be reviewed by our team. We will then work with you to understand more about the issue and, if verified, make all efforts to address the vulnerability promptly.
We appreciate your efforts in keeping our community, users, and products safe. Thank you for your support in responsibly disclosing any issues.
Note
Note also that we can use GitHub Security Advisories to disclose, fix, and publish information about the vulnerability you responsibly reported to us.
You can find UrbanTree security advisories published here.