starred/Sonarr
1
0
Fork 0
mirror of https://github.com/Sonarr/Sonarr.git synced 2026-03-02 22:57:43 -05:00
Code Issues 82 Projects Packages Wiki Activity

Responsible disclosure policy #3951

New issue
Closed
opened 2026-02-20 06:00:00 -05:00 by deekerman · 5 comments
deekerman commented 2026-02-20 06:00:00 -05:00
Owner
Copy link

Originally created by @JamieSlome on GitHub (Dec 7, 2021).

Hey there!

I belong to an open source security research community, and a member (@dwisiswant0) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Originally created by @JamieSlome on GitHub (Dec 7, 2021). Hey there! I belong to an open source security research community, and a member (@dwisiswant0) has found an issue, but doesn’t know the best way to disclose it. If not a hassle, might you kindly add a `SECURITY.md` file with an email, or another contact method? GitHub [recommends](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository) this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future. Thank you for your consideration, and I look forward to hearing from you! (cc @huntr-helper)
deekerman 2026-02-20 06:00:00 -05:00
  • closed this issue
  • added the
    docs
         label
deekerman commented 2026-02-20 06:00:02 -05:00
Author
Owner
Copy link

@bakerboy448 commented on GitHub (Dec 7, 2021):

discord and getting in touch with Markus or Taloth is likely be the best bet as far as the disclosure route, for now at least.

Same concept - albeit different discords and a different dev team - for Lidarr/Radarr/Readarr/Prowlarr for future reference.

@bakerboy448 commented on GitHub (Dec 7, 2021): [discord](https://discord.gg/Ex7FmFK) and getting in touch with Markus or Taloth is likely be the best bet as far as the disclosure route, for now at least. Same concept - albeit different discords and a different dev team - for Lidarr/Radarr/Readarr/Prowlarr for future reference.
deekerman commented 2026-02-20 06:00:02 -05:00
Author
Owner
Copy link

@JamieSlome commented on GitHub (Dec 8, 2021):

@bakerboy448 - thanks for the support here!

Just for reference the private report can be found here:

https://huntr.dev/bounties/c8e90d5b-c1df-449b-9a5e-b9a5a6189879/

It is only accessible to maintainers with write access to this repo 🤝

@JamieSlome commented on GitHub (Dec 8, 2021): @bakerboy448 - thanks for the support here! Just for reference the private report can be found here: https://huntr.dev/bounties/c8e90d5b-c1df-449b-9a5e-b9a5a6189879/ It is only accessible to maintainers with write access to this repo 🤝
deekerman commented 2026-02-20 06:00:02 -05:00
Author
Owner
Copy link

@Taloth commented on GitHub (Dec 8, 2021):

Nice catch there, we should be able to fix it. Also thx for the SECURITY.md suggestion, most ppl can find us one way or the other, but having it explicitly in an .md file is a good idea.

@Taloth commented on GitHub (Dec 8, 2021): Nice catch there, we should be able to fix it. Also thx for the SECURITY.md suggestion, most ppl can find us one way or the other, but having it explicitly in an .md file is a good idea.
deekerman commented 2026-02-20 06:00:02 -05:00
Author
Owner
Copy link

@JamieSlome commented on GitHub (Dec 9, 2021):

@Taloth - great, thanks for the confirmation!

If you think the report is valid, you can mark it on the report page, and the researcher will be awarded their bounty for their research.

Also, you can bag a bounty for fixing it too! 🤗

@JamieSlome commented on GitHub (Dec 9, 2021): @Taloth - great, thanks for the confirmation! If you think the report is valid, you can mark it on the report page, and the researcher will be awarded their bounty for their research. Also, you can bag a bounty for fixing it too! 🤗
deekerman commented 2026-02-20 06:00:02 -05:00
Author
Owner
Copy link

@dwisiswant0 commented on GitHub (Nov 12, 2022):

Any updates on this, @bakerboy448 & @Taloth?

@dwisiswant0 commented on GitHub (Nov 12, 2022): Any updates on this, @bakerboy448 & @Taloth?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
v5-develop
delete-series-files
html-encoded-titles
api-docs
develop
better-pending-releases
main
giant-disk-free-space
log-files-v5
history-v5
sidebar-close-button
chinese-season-pack
newznab-subs
v5-queue
parsing-foreign-releases
importing-icon-color
auth-success-debug
multi-langauge-with-english
release-group-parser
image-sharp
ja-as-japanese
parse-4-digit-anime-batches
no-logging-for-api-key-validation
manual-import-multiple-notifications
manual-import-no-items
mono-torrent-v3
small-fixes
differentiate-repacks-when-renaming
v5-build
quality-size-limits
v3
phantom-feature-rtorrent-erase
phantom-rtorrent-seedcache
phantom-badupdate
phantom-folder-rename-casing
phantom-diagnostic-script
v2
phantom-added-restriction-matching
phantom-x64
phantom-journal-mode-detection
pr/n3036_jtpavlock
phantom-mono-memory
sqlite-on-network-share
transfer-providers
dsm-sid-fix
normalized-name-cleanup
skyhook-notifications
curl-upgrade
stats
v1
v4.0.16.2946
v4.0.16.2944
v4.0.16.2943
v4.0.16.2942
v4.0.15.2941
v4.0.15.2940
v4.0.14.2939
v4.0.14.2938
v4.0.13.2934
v4.0.13.2933
v4.0.13.2932
v4.0.13.2931
v4.0.12.2900
v4.0.12.2892
v4.0.12.2866
v4.0.12.2849
v4.0.12.2825
v4.0.12.2823
v4.0.11.2815
v4.0.11.2804
v4.0.11.2800
v4.0.11.2793
v4.0.11.2784
v4.0.11.2774
v4.0.11.2762
v4.0.11.2743
v4.0.11.2724
v4.0.11.2697
v4.0.11.2688
v4.0.11.2680
v4.0.10.2656
v4.0.10.2624
v4.0.10.2579
v4.0.10.2544
v4.0.9.2513
v4.0.9.2457
v4.0.9.2421
v4.0.9.2386
v4.0.9.2342
v4.0.9.2332
v4.0.9.2300
v4.0.9.2278
v4.0.9.2257
v4.0.9.2244
v4.0.8.2223
v4.0.8.2208
v4.0.8.2158
v4.0.8.2093
v4.0.8.2008
v4.0.8.1988
v4.0.8.1967
v4.0.8.1929
v4.0.8.1902
v4.0.8.1893
v4.0.8.1874
v4.0.7.1868
v4.0.7.1863
v4.0.6.1847
v4.0.6.1820
v4.0.6.1805
v4.0.5.1801
v4.0.5.1791
v4.0.5.1782
v4.0.5.1778
v4.0.5.1760
v4.0.5.1740
v4.0.5.1719
v4.0.5.1710
v4.0.4.1699
v4.0.4.1695
v4.0.4.1692
v4.0.4.1668
v4.0.4.1650
v4.0.4.1616
v4.0.4.1572
v4.0.4.1515
v4.0.4.1491
v4.0.3.1486
v4.0.3.1465
v4.0.3.1442
v4.0.3.1413
v4.0.2.1408
v4.0.2.1367
v4.0.2.1341
v4.0.2.1312
v4.0.2.1262
v4.0.2.1223
v4.0.2.1192
v4.0.2.1183
v4.0.1.1168
v4.0.1.1131
v4.0.1.1114
v4.0.1.1096
v4.0.1.1047
v4.0.1.1014
v4.0.1.987
v4.0.1.953
v4.0.1.947
v4.0.1.933
v4.0.1.929
v4.0.0.924
v4.0.0.836
v4.0.0.825
v4.0.0.748
v4.0.0.741
3.0.10.1567
3.0.10.1566
v3.0.9.1549
v3.0.8.1507
v3.0.7.1477
v3.0.6.1342
v3.0.6.1335
v3.0.6.1266
v3.0.6.1264
v3.0.6.1196
v3.0.5.1144
v2.0.0.5344
v2.0.0.5322
v2.0.0.5319
v2.0.0.5301
v2.0.0.5250
v2.0.0.5228
v2.0.0.5225
v2.0.0.5163
v2.0.0.5153
v2.0.0.5085
v2.0.0.5054
v2.0.0.4949
v2.0.0.4928
v2.0.0.4919
v2.0.0.4918
v2.0.0.4913
v2.0.0.4855
v2.0.0.4753
v2.0.0.4748
v2.0.0.4689
v2.0.0.4645
v2.0.0.4613
v2.0.0.4472
v2.0.0.4427
v2.0.0.4409
v2.0.0.4389
v2.0.0.4374
v2.0.0.4370
v2.0.0.4326
v2.0.0.4323
v2.0.0.4230
v2.0.0.4146
v2.0.0.3953
v2.0.0.3732
v2.0.0.3645
v2.0.0.3573
v2.0.0.3530
v2.0.0.3527
v2.0.0.3357
v2.0.0.3243
v2.0.0.3212
v2.0.0.3154
v2.0.0.3004
v2.0.0.2850
Labels
Clear labels   
1%

   
blocked-by: skyhook

   
bug

   
connection

   
discussion

   
docs

   
download-client

   
enhancement

   
external-bug

   
indexer

   
missing-description

   
mono-bug

   
naming

   
needs-to-be-tested

   
needs-triage

   
one-day-maybe

   
parsing

   
platform: linux

   
platform: macos

   
platform: windows

   
priority:high

   
priority:low

   
priority:medium

   
priority:medium

   
proposal

   
skyhook/services

   
suboptimal

   
support

   
task

   
ui-only

   
up-for-grabs

   
v3

   
v4

   
waiting-for-contributor

   
waiting-for-info

   
wip
No labels
1%
blocked-by: skyhook
bug
connection
discussion
docs
download-client
enhancement
external-bug
indexer
missing-description
mono-bug
naming
needs-to-be-tested
needs-triage
one-day-maybe
parsing
platform: linux
platform: macos
platform: windows
priority:high
priority:low
priority:medium
priority:medium
proposal
skyhook/services
suboptimal
support
task
ui-only
up-for-grabs
v3
v4
waiting-for-contributor
waiting-for-info
wip
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Sonarr#3951
No description provided.