|
# Security Policies and Procedures |
|
|
|
## Reporting a Bug |
|
|
|
The `finalhandler` team and community take all security bugs seriously. Thank |
|
you for improving the security of Express. We appreciate your efforts and |
|
responsible disclosure and will make every effort to acknowledge your |
|
contributions. |
|
|
|
Report security bugs by emailing the current owner(s) of `finalhandler`. This |
|
information can be found in the npm registry using the command |
|
`npm owner ls finalhandler`. |
|
If unsure or unable to get the information from the above, open an issue |
|
in the [project issue tracker](https://github.com/pillarjs/finalhandler/issues) |
|
asking for the current contact information. |
|
|
|
To ensure the timely response to your report, please ensure that the entirety |
|
of the report is contained within the email body and not solely behind a web |
|
link or an attachment. |
|
|
|
At least one owner will acknowledge your email within 48 hours, and will send a |
|
more detailed response within 48 hours indicating the next steps in handling |
|
your report. After the initial reply to your report, the owners will |
|
endeavor to keep you informed of the progress towards a fix and full |
|
announcement, and may ask for additional information or guidance. |
|
|