At FMI S.r.l., we take the security of our software products and services seriously. This open-source code is covered by our internal security policies.
While we do not currently offer a bug bounty program, we encourage responsible disclosure of any vulnerabilities. Please follow the provided guidelines to report any issues — we will ensure your report is forwarded to the appropriate maintainers for timely remediation.

| Version | Supported |
|---|---|
| 1.9.x | ✅ |

If you believe you’ve discovered a security vulnerability in any repository maintained by FMI S.r.l., we request that you report it to us through a coordinated disclosure process.
Please do not report security issues via public GitHub channels such as Issues, Discussions, or Pull Requests.
Instead, contact us directly via email at: oss[@]fmi.fc.it
To help us understand and resolve the issue effectively, please include as much of the following information as possible:
- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue

Providing detailed and accurate information will help us triage and address your report more quickly.
This policy is adapted from GitHub's Security Policy.