Reporting a Vulnerability¶
If you find a security vulnerability in the mastercomfig app, execution of mastercomfig, or something else, contact mastercoms through email directly: [email protected].
If you have a solution for the issue, attach it as a patch file to the email.
You can expect a reply within 24 hours of your report with the next steps of action regarding the vulnerability. This may include a request to create a pull request to resolve the vulnerability if applicable.
You must not disclose the vulnerability publicly unless you have not received a response after 1 month.
If the vulnerability is declined, you may post it publicly after 48 hours of its declination, unless the declination is retracted within that time period.
On the vulnerability being fixed, you may also disclose the vulnerability publicly after 1 week of the fix being deployed.