If you discover a security vulnerability in Hydra, we ask that you report it to us confidentially. Please email us at [email protected] with the details of the vulnerability and steps to reproduce it. Please use "Hydra Security Disclosure" as the subject line for your email.
We will acknowledge receipt of your email and will aim to provide a timeline for remediation. We ask that you do not publicly disclose the vulnerability until we have had sufficient time to address it.
We encourage responsible disclosure practices, which means giving us a reasonable opportunity to fix the issue before making any information public. We also ask that you do not abuse the vulnerability or attempt to exfiltrate any sensitive data while we are working on remediation.
We will provide security updates for the latest version of Hydra.
We do not offer a bug bounty program for Hydra at this time. However, we appreciate and value security researchers who practice responsible disclosure and will give credit where credit is due.