At Hemi Labs, we consider security a fundamental part of our network. We value the security of our network and our users, however no matter how much effort we put into security, there could still be vulnerabilities hiding.
Thank you for helping keep Hemi and our users safe!
Security patches will be provided only for the latest release of this project. This policy ensures that security updates are concentrated on the most up-to-date and stable version of the project. Older versions will not receive security patches.
If you discover vulnerabilities in Hemi, we encourage responsible disclosure of the vulnerability so that we can take steps to resolve the vulnerability as quickly as possible. We ask you to help us better protect Hemi and our users by reporting vulnerabilities through HackerOne. Never report security vulnerabilities publicly, especially on GitHub issues.
When reporting a vulnerability, the more information you can provide, the faster we can triage and confirm the reported vulnerability. Reports with clear and concise reproduction steps and screenshots are highly valued.
You can report a security vulnerability by:
- Please do not discuss any vulnerabilities outside of our HackerOne programs without express consent from Hemi Labs.
- Follow our program disclosure policy.
- Follow HackerOne's disclosure guidelines.
Please see Hemi's Safe Harbor Policy.
By following this Security Policy, we aim to improve and maintain the security of Hemi and our users. If you have any questions or concerns about this policy or this project's security practices, please do not hesitate to contact us at [email protected].