You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We take the security of Yopass seriously. If you believe you have discovered a security vulnerability in Yopass, we encourage you to report it to us responsibly.
If you find a vulnerability in this project, please report via email at johan{a}haals.se and do not create a public issue to prevent abuse.
## Security Vulnerability Disclosure
There are a couple of things that I do not consider to be security issues:
Please follow these guidelines when reporting a security issue:
- Enumeration/Gusessing of UUIDs or decryption keys
1. Email the report to johan{a}haals.se. Please do not create a public GitHub issue.
2. Provide a detailed description of the vulnerability, including steps to reproduce the issue, potential impact, and any suggested mitigations or remediations.
3. Allow a reasonable time for the Yopass maintainers to respond to your report and address the vulnerability before publicly disclosing it. We will keep you updated on our progress.
We appreciate your efforts in keeping yopass secure for everyone and will acknowledge your contribution in the project's security advisories or changelog once the issue has been resolved.
There are a couple of cases that we do not consider to be security issues:
- Enumeration/Guessing of UUIDs or decryption keys
- URLs being stored in browser history/cache
- Vulnerabilities in build time dependencies not exploitable at runtime
