57 lines
1.6 KiB
YAML
name: 🔐 Security Vulnerability
about: Report a security issue (PRIVATE - use email instead)
title: 'DO NOT USE - Email security@evercatch.dev'
labels: ['security']
body:
  - type: markdown
    attributes:
      value: |
        # ⚠️ STOP — DO NOT USE THIS TEMPLATE

        **Security vulnerabilities should NOT be reported publicly.**

        Please email us instead: **security@evercatch.dev**

        ---

        ### Why?

        Public disclosure of security issues can:
        - Put user data at risk
        - Allow attackers to exploit the vulnerability before a fix is ready
        - Violate responsible disclosure practices

        ---

        ### What to Include in Your Email

        - **Description** — What is the vulnerability?
        - **Steps to Reproduce** — How can we reproduce it?
        - **Impact** — What could an attacker do?
        - **Proof of Concept** — Code or screenshots (optional)
        - **Suggested Fix** — If you have one
        - **Your Contact Info** — For follow-up

        ---

        ### Our Commitment

        - ✅ Response within 24 hours
        - ✅ Updates every 48 hours
        - ✅ Credit in security advisories (if desired)
        - ✅ Potential bug bounty for critical issues

        Read our full security policy: [SECURITY.md](../../SECURITY.md)

        ---

        **Thank you for keeping Evercatch secure! 🔒**

  - type: checkboxes
    id: acknowledge
    attributes:
      label: Acknowledgement
      options:
        - label: I understand I should email security@evercatch.dev instead of using this form.
          required: true