Security: finos/git-proxy

SECURITY.md

Security Policy

GitProxy supports responsible disclosure of security vulnerabilities and adheres to the FINOS Security Vulnerabilities Policy. If you find something you believe to be a security issue in GitProxy, we encourage and appreciate your report. Please report the issue privately to the project maintainers using one of the following methods:

Reporting a Vulnerability

  • GitHub Security Reports: In order for the vulnerability reports to reach maintainers as soon as possible, the preferred way is to use the "Report a vulnerability" button under the "Security" tab of the associated GitHub project. This creates a private communication channel between the reporter and the maintainers.
  • Email: If you are unable to use the GitHub Security vulnerability reporting feature, or have strong reasons not to, please email the maintainers and cc: [email protected] with a description of the vulnerability.

Vulnerability Process

  1. Report the vulnerability privately using one of the methods above. Do not create a public GitHub Issue or make any public reference to the vulnerability.
  2. The project team will acknowledge receipt of your report and triage the issue. If a vulnerability is confirmed, the team will work with you to investigate and resolve it.
  3. Once a fix is available, a release will be made and the vulnerability will be publicly disclosed in accordance with the FINOS policy.