Spaces:
Sleeping
Sleeping
# Security Policies and Procedures | |
## Reporting a Bug | |
The `finalhandler` team and community take all security bugs seriously. Thank | |
you for improving the security of Express. We appreciate your efforts and | |
responsible disclosure and will make every effort to acknowledge your | |
contributions. | |
Report security bugs by emailing the current owner(s) of `finalhandler`. This | |
information can be found in the npm registry using the command | |
`npm owner ls finalhandler`. | |
If unsure or unable to get the information from the above, open an issue | |
in the [project issue tracker](https://github.com/pillarjs/finalhandler/issues) | |
asking for the current contact information. | |
To ensure the timely response to your report, please ensure that the entirety | |
of the report is contained within the email body and not solely behind a web | |
link or an attachment. | |
At least one owner will acknowledge your email within 48 hours, and will send a | |
more detailed response within 48 hours indicating the next steps in handling | |
your report. After the initial reply to your report, the owners will | |
endeavor to keep you informed of the progress towards a fix and full | |
announcement, and may ask for additional information or guidance. | |