17 lines
1.1 KiB
Markdown
17 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsboard privately,
|
|
to minimize attacks against current users of Thingsboard before they are fixed. Vulnerabilities will be investigated and release as soon as possible.
|
|
|
|
To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability.
|
|
Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime.
|
|
Do not report non-security-impacting bugs through this channel. Use GitHub issues instead.
|
|
|
|
**Proposed Email Content**
|
|
Provide a descriptive subject line and in the body of the email include the following information:
|
|
|
|
- Basic identity information, such as your name and your affiliation or company.
|
|
- Detailed steps to reproduce the vulnerability (log errors, screenshots are all helpful to us).
|
|
- Description of the effects of the vulnerability on Thingsboard. |