🚀Announcing Flightcontrol - Optimized Deployment for Fullstack Blitz.js and Next.js 🚀

Security Policy

Thank you for taking the time to responsibly disclose any issues you find.

All security bugs should be reported by email to security@blitzjs.com. Your email will be read by Brandon Bayer, the creator and lead maintainer of Blitz.js, and he'll answer you with the steps you should follow.

This email address receives a large amount of spam, so be sure to use a descriptive subject line to avoid having your report be missed.

If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past five days, there are a few steps you can take (in order):

  1. 1. Contact Brandon personally via Twitter or Discord.
  2. 2. Contact any of the Core Team members personally via Twitter or Discord.
  3. 3. Post on GitHub a brief description of the issue.

Please note that GitHub issues are public. When escalating in these venues, please do not discuss your issue. Simply say that you’re trying to get a hold of someone from the security team.