Last updated: December 2024
Reporting Security Issues
We take the security of Knytstudio seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us responsibly.
How to Report
Please report security vulnerabilities by emailing [email protected] with the subject line "Security Report".
Please include:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggestions for fixing the issue (optional)
Our Commitment
When you report a vulnerability to us, we commit to:
- Acknowledge your report within 48 hours
- Keep you informed of our progress
- Not take legal action against researchers acting in good faith
- Credit you for the discovery (if you wish) once the issue is resolved
Scope
The following are in scope:
- knytstudio.com and its subdomains
- Authentication and authorization issues
- Data exposure vulnerabilities
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Injection vulnerabilities
The following are out of scope:
- Denial of service (DoS) attacks
- Social engineering or phishing
- Physical security issues
- Third-party services we use (report to them directly)
- Issues already known or reported
Guidelines
When researching, please:
- Only test against your own accounts
- Do not access, modify, or delete data belonging to others
- Do not disrupt the service for other users
- Give us reasonable time to fix issues before public disclosure
Contact
For security reports: [email protected]