Boxtribute is provided open source on an "as-is" basis with no warranties, implied or otherwise (see license). Security patches on reported vulnerabilities will be provided for the latest release only on a best-effort basis.
To report a vulnerability, please send an email to help@boxtribute.org with "SECURITY VULNERABILITY IDENTIFIED" in the subject. In the email, please describe:
- The observed vulnerability and the expected severity in two or three sentences;
- The steps to reproduce it (if available); and
- Ideally, a suggested fix if you have one, including a reference to the relevant lines of code and associated files.
The team will get back to you on the status of your report and whether your proposal has been accepted as soon as we can.