Fix #7176: [BUG] Security vulnerability: requesting a security contact #7309
Merged
brimoor
merged 2 commits into
voxel51:develop
from
JiwaniZakir:fix/7176-bug-security-vulnerability-requesting-a
Apr 6, 2026
+41
−0
Changes from 1 commit
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| # Security Policy | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| The FiftyOne team takes security vulnerabilities seriously. We appreciate your | ||
| efforts to responsibly disclose your findings. | ||
|
|
||
| **Please do not report security vulnerabilities through public GitHub issues.** | ||
|
|
||
| Instead, please report security vulnerabilities by emailing the Voxel51 | ||
| security team at: | ||
|
|
||
| **[email protected]** | ||
|
|
||
| You should receive a response within 48 hours. If for some reason you do not, | ||
| please follow up via email to ensure we received your original message. | ||
|
|
||
| Please include the following information in your report: | ||
|
|
||
| - Type of issue (e.g., remote code execution, authentication bypass, etc.) | ||
| - The component(s) affected (e.g., server, database, API) | ||
| - Step-by-step instructions to reproduce the issue | ||
| - Proof-of-concept or exploit code (if possible) | ||
| - Impact of the issue, including how an attacker might exploit it | ||
|
|
||
| This information will help us triage your report more quickly. | ||
|
|
||
| ## Disclosure Policy | ||
|
|
||
| When we receive a security bug report, we will: | ||
|
|
||
| 1. Confirm the problem and determine the affected versions. | ||
| 2. Audit code to find any similar potential problems. | ||
| 3. Prepare fixes for all supported releases. | ||
| 4. Release patched versions as soon as possible. | ||
|
|
||
| We kindly ask that you give us a reasonable amount of time to address the | ||
| issue before any public disclosure. | ||
|
|
||
|
|
||
| ## Supported Versions | ||
|
|
||
| We release security fixes for the latest stable version of FiftyOne. We | ||
| encourage all users to stay up to date with the latest release. | ||
|
|
||
|
|
||
| ## Preferred Languages | ||
|
|
||
| We prefer all communications to be in English. | ||
|
|
||
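Review bot: Step 3 under "## Disclosure Policy" ("Prepare fixes for all supported releases") conflicts with "## Supported Versions", which states that security fixes are released only for the latest stable version of FiftyOne; either define which releases count as supported or reword step 3 to "Prepare a fix for the latest stable release" so reporters are not led to expect backports. The "## Disclosure Policy" section also asks for "a reasonable amount of time to address the issue before any public disclosure" without saying what that window is; stating a concrete target (for example a number of days from acknowledgement) gives reporters a predictable timeline and makes the 48-hour acknowledgement commitment in "## Reporting a Vulnerability" part of a coherent process rather than a standalone promise.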
Add encrypted communication option for sensitive vulnerabilities.

For high-severity issues (like the unauthenticated network-accessible vulnerability mentioned in #7176), reporters need a way to send encrypted details. Industry best practice is to provide a PGP public key.

Suggested addition after line 13