We take security issues in our projects seriously. We appreciate your efforts to responsibly disclose your findings.
Please do not report security issues directly on GitHub but using one of the channels listed below. This allows us to provide a fix before an issue can be exploited.
- Researchers/Non-SAP Customers: Please consult SAPs disclosure guidelines and send the related information in a PGP encrypted e-mail to [email protected]. Find the public PGP key here.
- SAP Customers: If the security issue is not covered by a published security note, please report it by creating a customer message at https://launchpad.support.sap.com.
Please also refer to the general SAP security information page.