The Sylva project is committed to maintaining the security and integrity of our software. We value the contributions of security researchers and the community in identifying and reporting vulnerabilities.
Reporting a Vulnerability
If you discover a security vulnerability in Sylva, please report it responsibly through our Coordinated Vulnerability Disclosure (CVD) process.
Submit a vulnerability report by creating a confidential issue in our Security Vulnerability Reports GitLab repository.
Please include as much detail as possible, following the provided template. Your report will be handled with strict confidentiality.
Our Commitment
- We will acknowledge receipt of your report within 5 business days.
- Our security team will investigate and work with you to address the vulnerability.
- We will keep you informed throughout the process.
- With your permission, we will publicly acknowledge your contribution once the issue is resolved.
For more information about our security policy and CVD process, please refer to our Security Vulnerability Reports repository.
