If you discover a security vulnerability in Verbara.Sdk, please report it responsibly.
Use GitHub's private vulnerability reporting:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Provide a detailed description of the vulnerability
- Acknowledgment: Within 48 hours
- Initial assessment: Within 5 business days
- Fix timeline: Depends on severity (critical: ASAP, high: 2 weeks, medium: next release)
- Do not publicly disclose the vulnerability until a fix is available
- We will credit reporters in the CHANGELOG (unless anonymity is requested)
This policy covers all packages in the Verbara.Sdk family:
- Verbara.Sdk.* (MIT licensed, nuget.org)
- Security issues in dependencies should be reported to the respective maintainers
- Asterisk PBX itself (report to Asterisk Security)
- Configuration issues in user deployments