We takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub repositories.
If you believe you have found a security vulnerability in this project, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
If you prefer to submit without logging in, send email to report-vulnerability@opensource.fahli.net. If possible, encrypt your message with our PGP key.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: User-ID: Fahli Saputra <report-vulnerability@opensource.fahli.net>
Comment: Created: 7/19/2023
Comment: Expires: 7/14/2043
Comment: Type: 4,096-bit RSA (secret key available)
Comment: Usage: Signing, Encryption, Certifying User-IDs
Comment: Fingerprint: 3B698119464CAA418CC7BB5B02627B27EF896BB1
xsFNBGS3aj4BEADMe3jlVecs43t0Zv8a1F4p6uJ0lvR/MYlTBnuLOPLfrdKQ2jtF
U4A8AkYkczR4LPtv+dcFoSOROEV4nHICNLTLkOFpu9cBA81FrBCDy2Op/LhhWSay
AzDJ3naSxtDn1pY1kmI229zeJpUql5HO8ndAilGTBOZUpYcEx91X8c1RoY2tiHdN
9ek38q0CGIc1Ec82ZwzXDPT9J20KDwaLzJCyTu53dNvc3l5gsV8pHM7d9GbyPbxy
nhn3bcnrriwO4PGGquu6rptNncULUBRaX5KqE1ZgqP84UF4ASjJsKxDlJUSrOMEr
1V5AYSSMZ9AYr4jsYnq/Ok63XdYFzncbg/vqjkFXghDpgOYtyT/574M8SIut5xQn
UxTNpfITw8GKz3mV2GkA6uROb714WMK/IFmY6q6uAsiboeLAHZz/7j7+Va64OxJo
+x3htXlvAwUnAL1iBi/wKtnb4idU5Bi4VPSaxxs0TUqq5chrYW62wOrQkVxjMiYi
84IoURTneVu0nqAIcUSBINYXGmYXMHKM94KosqWEGzK9grYh9pawPQ+3Bd6Jg4xF
QPjJc9UJ0PIcG3S+1PnA7/jzP71XZHEOibgv8iLBv/zjSoYjLN+xtd4OG17GNZbs
p9I7PwaXvUnbWzWWvVMA8QqYfG+YXRcZRBbFV01XizljvRVfTrmP4OS3+QARAQAB
zTlGYWhsaSBTYXB1dHJhIDxyZXBvcnQtdnVsbmVyYWJpbGl0eUBvcGVuc291cmNl
LmZhaGxpLm5ldD7CwY0EEwEIADcWIQQ7aYEZRkyqQYzHu1sCYnsn74lrsQUCZLdq
QQUJJZgGAAIbAwQLCQgHBRUICQoLBRYCAwEAAAoJEAJieyfviWuxUmAQAKwEsDgx
wXa8dJRj7RCDdhUH5fwvbOx9S2woKfX9E3r4Un6LetXveFDEjaBFTTnCW8PX8XE8
+m6NI2vHLdEL9yoO8WNKKhSTGAfF0ittlWAMfXTLq/p0+0EHsSYUiN+I/SslWSgi
q4REg9eXznfmI+Z52s6AVJ8hrMxOrPPSV/+mt5KnqqmsoeIZb5sg7J3e0ReOAhRS
DduvLO0UXNKDiIKQYc15lPuybTqe7YJaMP1YfkTT6NTRfKzAoI8MyQkcTAHtuZjH
qxs3iLCk3VmU/OGmH0Yn9p4DlU6PDN61EitEi95d3CzUkaKkNyPWz11kmCn1aeyQ
vECmQitd2cOaeI+umYPFTMlWvkIlaNHyaRoPchxO02ggExu6XdZHymju386X/ACy
xfP8Vh8Inp2TcdA8jz+uEy8aGrWs2jm6K9kU3OUq4stFsTQpfpbYAn/hCxxK7Qy2
Epn4qQT1xkMeSLxjCEh6fHfCGjrpdV1O34Pyi4CKmGhqlI7DKeB/5pTVaaTVOecp
s8ehGwhRUmNaD64y5vucsQ1HdhhkPpN49pMdMvpuO8gMLCurhK8Dd4CXTSmibOnB
LF1YiiTYWC3J8vuF1pItddUoAz0n/zluLqyinj001w/qvv6HiblXuRKNbeRyKF7k
kegvzjDLOnk+MDw0MSL5gv1gT0bQmMogWaOGzsFNBGS3akEBEADGOvgP2GFuMS1b
SlGbUsoYac71+3jkcNTqMpHKPRgp/DcIDwWv+OwjDycc14c9tc7abd9iEnpn/dCL
urqwOwaom5v6KHHYaPzO2kiGJ2dTpniQFm1XfdOF9mRGWPHLFSbhxeeoI8DB7btn
8Wb7pj3ukHUKPUY1HkpBOYXHCxA5iPA9JhY+7mP2HEcGgU7hpxgfBAWbz2YJqynD
gH/T/OWr7PF+JhVCcHAqLbyJtKM4zXBRyey9+9qqW28pZABUqEiyvuRSFxka0QsC
YOUF/mC14K8cradDOAB+Y3jCDBFUexrP6jGDrmMzaQjrM7JOvO3vLJKNFb86bsBL
sdLOu0tAzETd4zBy7PAX+/0Mxxe/rnvVFmNeYDId7CiB8o440bPk1orM3UjaxKvi
s36nOON//bmijLt4OP/DkQ1wUDE7iovPOlhDSvOOSCrm0exoGvw36F0pEC05kWNG
7w1TkuXeREbtMVDEPfnNpo52teSFr1xBoEi8NCiTGG8CDP373/aagedFznYKg4DV
7YFZVEq+a1/TQQ8VlIsmVM2xC7Sa0wzkNEWFqKnypPkCdByj7u7zjUgjXoD/CbeF
zcu6DLiX9dJigdTxQUoLaUH8IUEO9Zq1nBY+No4QZ13sfNVC6cmCLfqsQJgyDKqF
ixBEbjpVCqvMpz1BkosbVsH7Kir3KQARAQABwsF7BBgBCAAmFiEEO2mBGUZMqkGM
x7tbAmJ7J++Ja7EFAmS3akQFCSWYBgACGwwACgkQAmJ7J++Ja7E9bQ/47SRwzcw8
jfYpk2tcicKLSeAzQENu7JadD5KRRgo3z0WGviSEgsiQ0nkc/RcUqZ+1pxYKsLb9
Mb5MDk2AcWz4qaLgEMAPyAECAeoUFmVMrGBLgDDO+YbWsxy84AtBO68eEfArSbVX
7t6eKaIby2mOg8SGvsJobNx9xxAX2GQUM9bYjD3vHgVGkqLMMsWKqPWauW+Ogmsi
peBgAIf9ZHDwV4zkkDx7a1CVJlDkcSJ+XbTBSlPFVFYWisTK3vqwz5vR6cGqpCfM
V+VZpIqMdxs7rf5LHYmqxaz4DhoMhwowd8gbHcDC+iYQewTn5UxLoxVTTMNAQGvT
5IWUTbAS8Vd4kFZzQdJrbrMZm9+Q9rfvpinQNn83hBczQMqKK5JKEi6Kj8N3Pig2
wJC9ytEpQ3bFIaybS39rZBUCgNyYu9ux1iVM89GnPd8NVrN16PidcqWdeLsXJDOv
IRibyR1SupX9nI6gGmsi4xz13nShtZJmMrZ2CgJ/8L2q0MCXUxj53Mt5K0/y90fD
8cmdgwIjNP0Q6pIRX6Lc337IRDVm+TMIzm/ZXLrJOF12UlMJg28M+BDlcNZcPIPN
H7IgaNE3/T9aExgLoXNF5kDBZEJZ35Ux2XG1E7kaNRHhF7D64v5TeqMpaec59Bz4
KUgbK7ZTC+pc6pH7q4BFseb9EcVOJsbRMg==
=K/mV
-----END PGP PUBLIC KEY BLOCK-----
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
We prefer all communications to be in English and Bahasa Indonesia.