@@ -8,9 +8,7 @@ We actively patch only the most recent minor release of Cline. Older versions re
We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
-To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/cline/cline/security/advisories/new) tab.
-
-The team will send a response indicating the next steps in handling your report. After the initial reply, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+To report a security issue, please submit your report through our [Bugcrowd Vulnerability Disclosure Program](https://bugcrowd.com/engagements/clinebot-vdp-ess). Bugcrowd will manage communication and triage on our behalf.
When reporting, please include:
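Review bot: The added line "+To report a security issue, please submit your report through our Bugcrowd Vulnerability Disclosure Program" replaces the GitHub "Report a Vulnerability" link without saying whether reports filed through that tab will still be read. Reporters following older links could file there and wait, so add one sentence stating whether GitHub advisories remain an accepted intake channel. The removed paragraph also told reporters what happens after submission (a response with next steps, then progress updates toward a fix and full announcement); "Bugcrowd will manage communication and triage on our behalf" does not cover that, so consider a sentence on what the reporter should expect once the report is in.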
@@ -18,10 +16,10 @@ When reporting, please include:
- Steps to reproduce or a proof of concept
- Any logs, stack traces, or screenshots that might help us understand the problem
-We acknowledge reports within 48 hours and aim to release a fix or mitigation within 30 days. While we work on a resolution, please keep the details private.
+Please keep the details private until a resolution has been reached.
## Escalation
-If you do not receive an acknowledgement of your report within 5 business days, you may send an email to [email protected].
+If you are unable to submit through Bugcrowd, you may send an email to [email protected].
Thank you for helping us keep Cline users safe.
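Review bot: The added line "+Please keep the details private until a resolution has been reached." makes the embargo open-ended, because the same hunk removes both the 48-hour acknowledgement commitment and the 30-day fix or mitigation target. A reporter now has no stated point at which silence can be treated as a problem. Either keep a time bound in this file or say where the applicable timelines are documented. In the Escalation section, the trigger changes from "do not receive an acknowledgement of your report within 5 business days" to "unable to submit through Bugcrowd", which leaves no documented path for a report that was submitted but never answered. Suggest keeping the non-response case alongside the new one.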