Libermall/.github

Security Policy — Libermall Organisation

This is the org-wide security policy. Individual repositories may add SECURITY.md files with repo-specific scope; the contact channels below always apply.

Reporting a vulnerability

| Channel | Use it for |
|---|---|
| Email: [email protected] | Most reports. PGP key on request. |
| GitHub Security Advisory | Coordinated disclosure on a specific repo, via the Security tab of that repo. |
| Telegram to @LibermallIDbot/security | Quick disclosure with screenshots. |

We acknowledge reports within 48 hours, triage within 5 business days, and aim to ship a fix within 30 days for high-severity issues.

Scope

In scope:

  • Any repository under github.com/LiberMall
  • Any live Libermall surface — id.libermall.com, dex.libermall.com, pay.libermall.com, card.libermall.com, nft.libermall.com, lnk.libermall.com, libermall.com
  • The official Libermall bots — @LibermallIDbot, and any bot explicitly attributed to Libermall

Out of scope:

  • Forks of Libermall repositories under other accounts — please report to those fork owners directly
  • Third-party brands operated by Libermall partners (sites.reviews, tonchat.ai, ton.ceo) — each has its own security policy
  • DoS / volumetric attacks
  • Theoretical vulnerabilities without a working proof-of-concept

Safe-harbor

We won't pursue legal action against researchers who:

  1. Make a good-faith effort to avoid privacy violations and service degradation.
  2. Don't exfiltrate data beyond what's needed to prove the issue.
  3. Give us reasonable time to remediate before public disclosure (typically 90 days).
  4. Don't exploit the issue for personal gain.

Hall of fame

Researchers who report valid vulnerabilities will be credited (with consent) on id.libermall.com/security.html and in the relevant repo's CHANGELOG.md.

Disclosed incidents

| Date | Repo | Summary |
|---|---|---|
| 2026-05-25 | Telegram-Cryptocurrency-Wallet-Libermall | Production credentials (including 24-word wallet seed) committed in botdata.php from 2023-08. All credentials rotated; repo set to security-maintenance mode. |
| 2026-05-25 | Marketplace-WebViewSample-WebViewApp-Android | Android signing keystore + password + signed build artefacts committed. Keystore considered compromised; repo archived. |

About

Libermall organisation profile + shared GitHub configuration (org-wide SECURITY.md, issue templates).
