Skip to content

Security: freshbooks/statsdecor

Security

SECURITY.md

Responsible Disclosure

Our development team has up to 90 days to implement a fix based on the severity of the report. Please allow for this process to fully complete before you publicly disclose the vulnerability.

Out of Scope

  • Our online services (GitHub Pages).
  • Version disclosure.
  • Lack of security headers.
  • Cookies without a secure flag.
  • Recently disclosed 0-day vulnerabilities
  • Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main website.
  • Vulnerabilities that are contingent on physical attack, social engineering, spamming, DDOS attack, etc.
  • Vulnerabilities affecting outdated or unpatched browsers.
  • Bugs that have not been responsibly investigated and reported.
  • Issues that aren't reproducible.
  • Issues that we can't reasonably be expected to do anything about.

Scope

  • Our open-source projects.

Report a bug

Please report security issues to the email address found on https://www.freshbooks.com/policies/responsible-disclosure

There aren’t any published security advisories