
[Security] Please enable private vulnerability reporting #4551

@qxyuan853

Search before asking

  • I had searched in the issues and found no similar feature requirement.

Description

Thank you for merging the security policy into this repository! 🎉

I noticed that the "Report a security vulnerability" option currently redirects users to the security policy page rather than providing a private channel to submit vulnerability reports.

Could you please enable the private vulnerability reporting feature on GitHub? This can be done via:

Settings → Code security and analysis → Private vulnerability reporting → Enable

Once enabled, security researchers and users will be able to submit vulnerability reports privately and confidentially through GitHub's built-in mechanism, rather than having to disclose issues publicly through a regular issue.

Thank you for your continued effort in improving the security of this project!

Use case

When a security researcher discovers a vulnerability in this project, they need a private and secure channel to report it without publicly disclosing the details. Enabling GitHub's private vulnerability reporting allows researchers to submit reports confidentially, giving maintainers the opportunity to address the issue before it becomes public knowledge.

Related issues

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!

Code of Conduct
