We take security issues seriously. If you discover a security vulnerability, please do the following:
-
Do not open a public issue. This could allow the vulnerability to be exploited before it is fixed.
-
Email us directly at
security@sageteam.org. Include the following information in your email:- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability (proof-of-concept code is preferred).
- Potential impact of the vulnerability.
- Any possible mitigations you have identified.
-
Give us a reasonable amount of time to respond. We aim to acknowledge your email within 48 hours and will send regular updates on our progress.
-
Coordinate disclosure. Once the vulnerability is fixed, we will coordinate with you on the disclosure process. We would appreciate it if you give us a chance to release a patch and announce the vulnerability before you publish any details.
To ensure the security of our project, we follow these practices:
- Regularly update dependencies to mitigate known vulnerabilities.
- Use static analysis tools to detect potential security issues.
- Conduct regular code reviews with a focus on security.
- Maintain a secure environment for our infrastructure.
Here are some resources for understanding security vulnerabilities and best practices:
If you have any questions or need further information, please contact us at security@sageteam.org.
Thank you for helping us keep our project secure.