If you discover a security vulnerability within Mail HTML, please report it via email to [email protected]. Please do not use public issue trackers or other public communication channels to report security issues, as this may lead to the premature disclosure of the vulnerability.
We take the security of our software seriously and appreciate your efforts to responsibly disclose any vulnerabilities. Our security policy is as follows:
- Confidentiality: We ask that you keep any information regarding potential security issues confidential until we have had a chance to review and address the issue.
- Acknowledgment: We aim to acknowledge receipt of reported security issues within a week.
- Resolution: We strive to address and fix security vulnerabilities as quickly as possible. Depending on the complexity of the issue, this may vary, but we will keep you updated on the progress.
- Disclosure: We request that you do not publicly disclose the details of any security vulnerabilities until we have confirmed and fixed the issue, or unless we have provided explicit permission to do so.
When you are investigating and reporting a vulnerability, you must not:
- Break the law.
- Access unnecessary or excessive amounts of data.
- Modify data.
- Use invasive or destructive scanning tools to find vulnerabilities.
- Attempt a denial of service, such as overwhelming a service with a high volume of requests.
- Disrupt deployed services or systems.
- Disclose the vulnerability to others before we have publicly disclosed it.
- Engage in social engineering, phishing, or physical attacks on our staff or infrastructure.
- Demand money to disclose a vulnerability.
Thank you for helping to keep our community safe!