If you encounter a bug, issue, or vulnerability that doesn't pose an immediate security risk, you can report it through the regular issue tracker.
If you discover a security vulnerability within Sonar, please follow these steps to report it:
- Do not disclose serious issues publicly before they are fixed.
- Please provide as much detail as possible about the vulnerability.
- Depending on the severity and complexity of the issue, the response time may vary.
- Additional information might be requested.
- Once the vulnerability is confirmed, an update with the fixes will roll out.
- Users will be notified some time later to ensure safety for those who are using a vulnerable version.
- You will be publicly acknowledged for your contribution if you choose to be credited.
If you have any questions or concerns regarding the security of this project, please open a ticket on Discord or contact me via email at [email protected].
- Special thanks to the contributors of Sonar, and also those who reported security issues or bugs.