Please DO NOT report security vulnerabilities using a public GitHub issue. If you believe you've found a security issue, please contact us through one of the following methods:
- Using GitHub security advisories:
https://github.com/saleor/<repository-name>/security/advisories
(replace<repository-name>
) - Alternatively, through our mailing list: security@saleor.io
We do not currently have a bounty program in place, so we cannot offer monetary rewards for any reported problems.
Whichever method you choose, you will be credited as the reporter once the announcement is published.