Security Policy
Thank you for taking the time to responsibly disclose any issues you find.
All security bugs should be reported by email to security@blitzjs.com. Your email will be read by Brandon Bayer, the creator and lead maintainer of Blitz.js, and he'll answer you with the steps you should follow.
This email address receives a large amount of spam, so be sure to use a descriptive subject line to avoid having your report be missed.
If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past five days, there are a few steps you can take (in order):
- 1. Contact Brandon personally via Twitter or Discord.
- 2. Contact any of the Core Team members personally via Twitter or Discord.
- 3. Post on GitHub a brief description of the issue.
Please note that GitHub issues are public. When escalating in these venues, please do not discuss your issue. Simply say that you’re trying to get a hold of someone from the security team.