📣 Reporting a vulnerability
If you discover a security vulnerability in FOSSBilling, please do not disclose it publicly. Instead, see below and follow our security policy so we can take care of it without exposing more users to danger.
To report a vulnerability, please make a submission on Huntr.dev. Their website should give you a good idea of how to make a good vulnerability report. It's important to make the submission there because it keeps the vulnerability private, which helps ensure it can't be exploited while a patch is in the works.
If you have a suggestion that is related to security but is not an actual exploit, then an issue on GitHub is a suitable place for it.
Usually, a good report should include which file(s) contain the exploit, how the vulnerability could be exploited, the potential ramifications of the vulnerability, a proof-of-concept exploit, and, if possible, insight into a solution. A proper vulnerability report is awarded a cash reward; if you provide a patch, there is usually a reward for that as well.
Not a Vulnerability?
Reporting bugs
This section guides you through submitting a bug report for FOSSBilling. Following these guidelines helps maintainers and the community understand your report 📝, reproduce the behavior 💻, and find related reports 🔎.
Before creating bug reports, please check this list as you might find out that you don't need to create one. When you are creating a bug report, please include as many details as possible.
Note: If you find a Closed issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one.
Before Submitting A Bug Report
Perform a cursory search to see if the problem has already been reported. If it has and the issue is still open, add a comment to the existing issue instead of opening a new one.
How Do I Submit A (Good) Bug Report?
A detailed guide can be found here: CONTRIBUTING. However, if you're still unsure or it's too much to read, drop a message on Discord.
Sometimes it might take some time to get a response. Please be patient!