This policy details how to report vulnerabilities and the steps taken to ensure vulnerabilities are mitigated.
We only support the latest version of LilyBot, as this is the version used in our production bot environment. If you are using an outdated version, please update and see if the vulnerability is still present.
When reporting a vulnerability, we request that you gather all the information you can about the vulnerability and compile it into a document before sending it to us via email at [email protected].
You will receive a response quickly declaring that we have received your email and the contents of it and are now aware of the vulnerability. We will proceed to make inquiries into the severity of the vulnerability and determine the speed and course of action to take.
You will receive updates on the vulnerability as and when we have them. You will be regularly informed of what we find and the course of action we are taking.
Upon removal of the vulnerability you will receive an email detailing this and a new release will be created, containing a fix for the vulnerability, to ensure that everyone is made safe.