Security: highlight/highlight-php

Security

SECURITY.md

Our top priority is keeping our customers' data safe. If you have found an issue in our systems, please reach out to us.

Reporting a Vulnerability

If you believe you have found a vulnerability, please disclose it by contacting us: [email protected]

Please try your best to describe a clear and realistic impact for your report.

Supported versions

Version       Supported
main branch   ✅
any other

Vulnerabilities we care about 🫣

Note: Please use a self-hosted instance to perform any tests. Do not use the production app.highlight.io product for security testing.

  • Remote command execution
  • SQL Injection
  • Cross-site scripting (XSS)
  • Performing admin actions without authorization

Non-Qualifying Vulnerabilities

We consider the following out of scope, though there may be exceptions.

  • Reports from automated tools or scanners
  • Theoretical attacks without proof of exploitability
  • Social engineering
  • Physical attacks
  • Denial of Service attacks
  • Brute force attacks

Thanks

Thank you for keeping highlight.io and our users safe. 🙇

There aren’t any published security advisories