We take the security of Beta9 and Beam seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Send an email to [email protected] with as much of the following information as possible:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
We appreciate detailed reports that help us understand and address the issue quickly.
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 3 business days.
- Updates: We will keep you informed about our progress as we investigate and address the issue.
- Resolution Timeline: We aim to resolve critical vulnerabilities within 30 days, though the timeline may vary depending on complexity.
- Credit: If you would like, we will acknowledge your responsible disclosure when we publish the fix (unless you prefer to remain anonymous).
If you have questions about this security policy or Beta9's security in general, please reach out to [email protected].
For general support inquiries, please use our regular support channels rather than the security contact.