Skip to content

Security Policy

We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.

To report a security vulnerability, please follow these steps:

  1. Do Not disclose the vulnerability publicly on GitHub issues or any other public forum.

  2. Go to the Security tab of the reNgine repository.

  3. Click on "Report a vulnerability" to open GitHub's private vulnerability reporting form.

  4. Provide a detailed description of the vulnerability, including:

  5. Steps to reproduce
  6. Potential impact
  7. Any suggested fixes or mitigations (if you have them)

  8. I will review your report and respond as quickly as possible, usually within 48-72 hours.

  9. Please allow some time to investigate and address the vulnerability before disclosing it to others.

We are committed to working with security researchers to verify and address any potential vulnerabilities reported to us. After fixing the issue, we will publicly acknowledge your responsible disclosure, unless you prefer to remain anonymous.

Thank you for helping to keep reNgine and its users safe!

What do we expect from security researchers?

  • Patience: Please note that currently I am the only maintainer in reNgine and will take sometime to validate your report. I request your patience throughout the process.
  • Respect Privacy and Security Reports: Please do not disclose any vulnerabilities in public (this also includes github issues) before or after reporting on huntr.dev! That is against the disclosure policy and will not be eligible for monetary rewards.

What do I get in return?

  • Much thanks from Maintainer and the community
  • CVE ID(s)

Past Security Vulnerabilities

Thanks to these individuals for reporting Security Issues in reNgine.

2024

2022

2021