.github/SECURITY.md

This document outlines the Responsible Disclosure Program for Auth0open source software.

At Auth0 we take security seriously and consider it a top priority. Since apublic disclosure of a security vulnerability could put the entire Auth0community at risk, we require that potential vulnerabilities are keptconfidential until they are confirmed and fixed. We appreciate your efforts inkeeping Auth0 and its users safe by responsibly disclosing any securityvulnerability. Rest assured we will make every effort to acknowledge yourcontributions.

Any security related issue should be reported to Auth0 via the form at thebottom of theResponsible Disclosure Policypage.

If individuals prefer to directly communicate with the Auth0 security team,they are invited to send an email tosecurity@auth0.com. For encryptedcommunication, you can download our PGP key fromhere.

There aren’t any published security advisories