| Version | Supported |
|---|---|
| 1.1.x | ✅ |
Shipt's security team and community take security bugs in our software and applications very seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions. We have a few options available to accept these reports:
1.) Our public bug bounty program through HackerOne - https://hackerone.com/Shipt
2.) Via email: Send an email to [email protected] with a detailed proof of concept (POC) and/or evidence clearly outlining the vulnerability. Please include the word "Shipt OSS Vulnerability" in the subject line.
With either method you choose above, Shipt's platform security team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and/or disclosure (if applicable) and may ask for additional information or guidance.
NOTE: Please report security bugs in third-party modules to the person, company, or team maintaining that module.