How to report security vulnerability?

Various discussions related to Adblock Plus development
Post Reply
svennergr
Posts: 1
Joined: Wed May 10, 2023 6:53 pm

How to report security vulnerability?

Post by svennergr »

Hey,

how would I report a security vulnerability in ABP?
Don't want to do this public and would like to follow responsible disclosure.

Thanks,
Sven
User avatar
greiner
ABP Developer
Posts: 899
Joined: Mon Sep 03, 2012 5:29 pm
Location: Cologne, Germany

Re: How to report security vulnerability?

Post by greiner »

Thanks for reaching out and I appreciate your question to allow us to work on a fix in private.

The most direct way to report such issues to us is by creating a confidential GitLab issue. You can do that on this page, and by making sure that the "This issue is confidential and should only be visible to team members with at least Reporter access." checkbox is checked, which makes it confidential.

Alternatively, you can send an email with further details to support@adblockplus.org or security@eyeo.com (see https://eyeo.com/.well-known/security.txt) and we'll handle it from there. Ideally, the subject should indicate that it's about a security vulnerability.
Post Reply