If you believe you have found a security vulnerability on one of parse-community maintained packages, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before making a report, please review this page to understand our disclosure policy and how to communicate with us.
If you comply with the policies below when reporting a security issue to parse community, we will not initiate a lawsuit or law enforcement investigation against you in response to your report. We ask that:
- You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others. This means we request at least 7 days to get back to you with an initial response and at least 30 days from initial contact (made by you) to apply a patch.
- You do not interact with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.
- You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
- You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues). You do not violate any other applicable laws or regulations.
All vulnerabilities should be privately reported to either Node Security or directly to us at the following address security at parseplatform dot org
You can use our PGP public key, which is also uploaded here:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFbZHTcBEADMJledXkBantsiKc5fbln3j Bj3R2fP6xcUZ4N6RdKj/19G8e4
Lwso/SEDlKKuh 1ORHrcXbYBPNRTi syf0dtL6uqNKVS jzuS48qd7G04Foe qs
rg5k80TfRLboCoESIS4C8E6sdjCMKEj8b QQU8YyzL470 gYwgg7bfvHyECuS4AD
lPssBi03cQdVlYjxNWQZAfVMZ 5zcvpS4P5KOCZPT082rzlgQEmVpmNuTyBELNtl
TBcVK9Sq6/KlNNSXMbGfJlMMq0kgAzVxrSyx3y0gOnRx1DR a5jJSecPtdVJYno8
9mwRT6Z1B/boN6GmEhC3vikmsOmA umaLoscQcwjQj7jK5rPTF8ypuDfVNa kAUS
ONFrayDQljwMEVHZ5/lk9TfEwrnarN8q0fRs2MXaJsD/YlTHG5/9LJs3mMk5yQpq
VGq0sydprnubW36nbP0SkH2LMRrLhQWoLEvtjkz7EaqGLWKO6N0Nr BT1YBy5gM
evc5mUeHUTPqflDht1crHn0rdfWmtDzEsNUWc9GR1hK2 x8U43YUPDmmgRYZyCGP
iKdmrF0kUDlh2mmok3dXlQCZesXaeFvSbIFMfL7midhbiWyCfDtAIQPfBTKNtfc3
qbaAoEHmYS2Yjri0rRqK9zbFqDgOR7Ap/ExeoOuaAMx1bvjV0QBm0W8q QARAQAB
tC1BcnRodXIgQ2luYWRlciAoR2l0aHViKSA8YXJ0aHVyQHBvcHN1Z2FyLmNvbT6J
Aj0EEwEKACcFAloYZqECGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AA
CgkQgZHETYyfyECCKA/8CbpKrMJn UhP4s5eUisx6wSfqDWuHGkvhecxTWLRGGRT
yycDm7PJxSb3AdJ//sUTGemG88kpLXmEGt3HpINqB0B4J aqTB/Ei0 1g/FH0LXP
RlCehH0RpLHJmplkEbd2VZ8wFN9 tW1u4jhG LCZD8pAVy7f36QixCZA3fdlt9GN
K2Jq2456dMpHmaLdUbrYERcDSKmDVKBRa8/CTe9hAkA83kAt0xgWjr/Byxw L3wi
Ar4/twAwLAHCzl7HTVvbWOXYehM8dpybE7rFV/1OACg3i2uppLE1oGeS2s4HBv84
WYNx0oBlBzEefpDAxz1NQI4HnKtBopt8jNUs5GEa1GR4eSNdMf9SmX7MRBNgDKuY
PsvZQLUBqG8GYZR214NzK9wf0VkQDkZ PwG L5pnpKtc7RwsR49z2qyti/nZfPP7
y9gJanTNPkzgx2YAk UBrKL7435XfFAW6mo2y5LLbD6ouT2hGDfnhsSuMrS4bAdM
7ua9B8vs2cnwYXUFM7ydAueaPvfP0x5i0ZQrphls3ZUpKRpWORSXa0fTNinSpzqW
YzTmPxJsHsyioPlRsl2/r97I9XJ9i5gjMDkNI3TQpGKFy/YNMk7rkk1dp3hq3aP/
xt0P/2yL/MJEj9Jus9FTKGqVtOn73e8oSOsu0ngpllYasYaLkO19MJ2lemSW CC0
LEFydGh1ciBDaW5hZGVyIChHaXRodWIpIDxhY2luYWRlckBnbWFpbC5jb20 iQI9
BBMBCgAnBQJaGGJcAhsDBQkHhh ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
EIGRxE2Mn8hAGVcP/RkqkER8/AKWfPFQs40Epe3mocuLyEW1CHX5LkFTjya42GAM
0BKk bStRrMQ4rBGOmdKGxphysQFZn4bscRUVMmJd/frJ0s8ConSfWzaweL7rbQO
UgGnL4mSNUvQkNCoO/RgKJapq9G/ jA9RRYEoSncE1/i3FQ 96JWfRRYy3MGYi9H
WmH3UFQ8cJ1JAFMIGaxuHuNQ20mStVDSuK3Zm8KVxk8rWHb2O8lye4bcBi7OLXYx
oZEoLrbLQinMbuccNaMq2j3ZNLOPYUDyyv5O81WzN70A7r0rkipOaJx4LiXE2/NT
3vz1CyT7i 2/GlLL113DP0DA8neMjx6MzpxOo7MgT ZBHRRZh tWoqfJKclh6Duw
rAJ9BOxSCm1y4BxTxuWrb5mU/RDCe3oC7PTA6wIMbJThqxtRpjqa17oWn2UXyJOH
aEXvt6jH6YqqFV9liArwkjZZl4KKyiqZ8UFKLteIVSK5xlwQ/ICW3uPYRpYhIFj0
fMaqN5SFcMOxtD4L5SP4k7HRn8l/gVoWQyIMJMip87sPCw7mRe5jq91n9s33stHr
vByL0ownS5MmvKXLLAyAltw2FcIyafcn6mKNGMUBunM14/j5uXaMcgz3MQtYjkvk
Fh6uX1OqLt/rpOhsRTeDRvjGvAFtdLt1QtDEz4i9kGN4h4B/XqwEbVNMWyv4tDlB
cnRodXIgQ2luYWRlciA8NzAwNTcyK2FjaW5hZGVyQHVzZXJzLm5vcmVwbHkuZ2l0
aHViLmNvbT6JAj0EEwEKACcFAloYaaMCGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgID
AQACHgECF4AACgkQgZHETYyfyEANHBAAuOkRMEoCuRjN3Dz/bP7SpWSFnBjOWW42
Lbie3bXbT1SYRltd7AM3ICu2M8OzjATzrDimmGi7K4qxFIGnz sjp9NRr6x7Ohgi
bPwmU1OMIjuARPhsauUyyUNI wKbRG9/tO0YxOUBadsKcVYY 6JxhsjrO5qb9NUI
WaNvwfCPlSBDcvsKCOVu6weyw9FGpaaKZcscge8tPPEQCf7FYKy6NYPVK6/D7qn6
myaKe/dh/HwozZ0o2NhW3uIAdd4OIvmWE7rh97B7afKXTiIfiqWqtkFhH0RxdR2q
Damg0BiGjdARqSnneLKDPgIwr904yM1RD36BkPcP8WH3ommsK95mrUKrZtLAQA6J
J6uESkuHNtcy5XTx4eF2cD2uaJTcRjlbAHFBMEI/ vr4umo 8wt38JhY XtSot6W
rS99JU6Ht1/SMYdz/rFisOWHb6hS69DOSCEK68lne6n0u1AnsWnDHwbQxcaSEreR
axXMzgMtRuM5R4ncLpx0nUwhxlRoIyo2GN6aghXcCrZt1fsLXBilag1moxZgh YE
RaVOsBASuqO/5m609Mi8AGLbuLU 39Ekb/b2ozw/MRvGPNfXC1XIqPe4asEE9GNL
XdVqvrHhEexBpv7El9yQ9qyllzEEdv5 soMcUQmjJAVabx 0gtLb5x3QHD4V8ttT
kA8kUPG5MyO5Ag0EVtkdNwEQAKssJS3MZiu6WkBact/HvDjJrq S1HcxeTLYbFXK
lEsolW5sw0IX5ORM9 Z9LfUTyVcyU6w/UbM91IecjNnFQkMvIQy8lVhrqO20FL46
Vu6G5HezIf2hg/1vgt891hrKMrySQDDyGo68f6uF3U SJLeNPRoB4O8qL2RHXfC3
3ti6FAoOFfRGe/CNB35viK/L//6O3pCFz/nrckEaMzH/GOrcZ8xlrFyeKhsOjtoR
S2MDSNpIJfZP pbtBgVW5lA5HDlyy5s52jXgd0 1Ktw1FV1uCjsgaX9xfbfXG8o1
SxpKpj1dI8WQ/7ZuCTxu0phyJsQPmfIHb5kBvZjm4vqpnCfbbFWxsQE T01PRsV
rWdh1EG4dlTMkvZtMfAnDZV Cqf6FELb/KhrbRqlCjHeC99tn6YP9EpvLNIgUnD6
qiV2QVHMKZ wRfRUAYUBtvbFYqbbEqLySpW0ahPB/UmLUMjvArzrQkxvKFM20nb8
HnAAKAZpgjhXTO9OBiNErCfiORooZLEs1MBeR1u8932GL/uKSDX0RhTYBBFDVoNy
zGj3lW3YfnCurVIjCoj jAZGMSVi67GnUuhm0Vj2K4mdSbq40TwhXxKlp8G0uSU4
SmCm yjTVcgQj Xj fsFJh6YGIgkcLEpbZS6kCLKcnx 44U3nZYPZch0 3/m8Uaf
i3e5ABEBAAGJAiUEGAEKAA8FAlbZHTcCGwwFCQeGH4AACgkQgZHETYyfyEBEcQ/8
DXyIYahE4JmY4REkdSnTQQ09etNmlqZbnMo1y7aYqDgqoixGpZAyE5U3oxGMeNBD
P XEaZGDav9wfiOlnofMXBa65kbtWoz/ dLc sTAjNdWvucuzP0yiE0 RNkOtvmY
5BlGgIQS9PTRaw86aRFOE5LilAoR/jv mOMPt1dcLfHksmCpW 3OzPyxCA703fE5
l7xOXYOAhPGMco30EftebbZkiaAmoZFese92pRenTJXi007ALhMpjPbk5D7717DZ
4/g2gqT Zs8fZe4tUHjo8LSQrFh/i3TpyBoAIouJsuvVvXy0r iucKvfBjB4vdQb
b33Fft2DYVBMpVVfnjRg1Y p5IFNWByI5NYfFsf8AWLHhOWargYmiUjHMdDFXuea
3QUTzHARp4HsqoZocjhKEoW5 j0MTVM6q7cTGgkNvAUmlPEzpvjQP84zkeM7gskP
vaKjgp0gIaCMlzP2fRSKqQ2f84LhKj0mZDy7HQNhtKme1l014HgTbbP7GDJ2UMse
uHgdaLLljuHFbHYAgGI7Uck225weDESF8enizh1ZF1itRliN47ICsef1RQJCgrJb
dkoPBN52k7VhS3vUIQhA1P1sLSEtPMuJ8SDq0CuA008WpU/xHdm1b xcBxrabuoz
6jfgzgnAZveF5DMisrOnbi4GHVIiHXvWrrIglA6o1sM=
=paxU
-----END PGP PUBLIC KEY BLOCK-----