Skip to content

Security: gorilla/websocket

SECURITY.md

Security Policy

🛡️ Found a security issue in a Gorilla project? Read on.

Reporting a Vulnerability

Maintainers will attempt to respond to/confirm reports within 2-3 days, but if you believe your report to be "critical" to user safety and security, please note as such in the subject. We have tens of thousands of users using our software, and take security vulnerabilities seriously.

When reporting an issue, where possible, please provide at least:

  • The project and commit version the issue was identified at
  • A proof of concept (plaintext; no binaries)
  • Steps to reproduce
  • Your recommended remediation(s), if any.

The Gorilla team is a volunteer-only effort, and may reach back out for clarification.

Report using GitHub issues

To report a vulnerability via GitHub issues, click on the Issues tab at the top of any repository and then click on the New issue button, then click on the Report a vulnerability button and fill out the form.

Report using email

To report a vulnerability via email, send an email to [email protected] - which is a private, maintainer-only group.

Learn more about advisories related to gorilla/websocket in the GitHub Advisory Database