CourseLink Fixer is only meant to be used locally, and within a limited context, as such, secuity implications are likely limited. However, it is still possible that there may be an exploit within the program which poses a threat to the user, especially within an academic environment.
Given this, the following security policy is enacted to ensure that security reporting is done in a timely and safe manner.
| Version | Supported |
|---|---|
| 0.3.x | ✅ |
Based on serverity level there are two routes you can take:
If the security issue is not a 0-Day (or equivalent as defined here) Create an issue, with the following title format: [SECURITY]: Security Issue Description, and provide information about who the security issue effects and how severe it is.
Else, if it is, please use GitHub's private reporting functionality (which as been enabled on this repo) to report the vulnerability.
Once a issue has been fixed, I will try to provide a full write-up / post-mortem report about the issue. These reports will be published at surajgoraya.ca, as well as a closed issue within the repo.