Security: RayelNabie/GymCommunity

SECURITY.md

Security Policy

Responsible Disclosure

We appreciate you reporting security issues and believe in transparency and collaboration to protect our systems and users.

What to Do When You Find a Vulnerability

  • Report your findings as soon as possible via email to rayelnabie@gmail.com.
  • Encrypt sensitive information where possible (e.g., using PGP or S/MIME).
  • Do not abuse the vulnerability, for example:
    • Only download data necessary to demonstrate the issue.
    • Do not modify or delete any data.
    • Be extra cautious with personal data.
  • Do not share the vulnerability with third parties until it is fixed.
  • Do not perform attacks such as social engineering, denial-of-service, malware distribution, or spam.
  • Provide sufficient details to reproduce the issue, such as URLs, IP addresses, and a clear description of the vulnerability and your steps.

What We Promise

  • I will respond within five business days after receiving your report.
  • I will handle your report confidentially.
  • I will keep you informed of the progress.
  • You may report anonymously or under a pseudonym.
  • I will credit you as the discoverer if you wish.

What Is Out of Scope?

  • Trivial bugs without potential for exploitation.
  • Vulnerabilities in third-party managed platforms or services.
  • General web server or network settings outside our website.
  • Known and accepted external risks.

Security Principles

  • Respect privacy and data confidentiality.
  • Always act in good faith and within the law.
  • Avoid causing damage or service disruptions.

Contact

For reports, please use the above email address.

There aren't any published security advisories