If you've found a security-related issue with Tirreno, please email [email protected]. Submitting to GitHub makes the vulnerability public, making it easy to exploit. We'll do a public disclosure of the security issue once it's been fixed.
After receiving a report, Tirreno will take the following steps:
- Confirmation that the issue has been received and that it's in the process of being addressed.
- Attempt to reproduce the problem and confirm the vulnerability.
- Create a patch or implement the necessary changes to address the vulnerability.
- Release a new version of all the affected versions.
- Prominently announce the problem in the release notes.
- If requested, give credit to the reporter.