- Clone the main branch from the repository
- Set up a local envirnoment, see requirements and setup
- Attack and exploit your own local autorender instance
- Report the vulnerability via GitHub here
- Do NOT attack the production system (autorender.portal2.sr)
- Do NOT publish your report before the deadlines, see below
- Do NOT report useless attack surfaces like
- Social engineering
- Denial of service
- Flaws in older devices or browsers
- First response: 14 days
- Patchfix: 90 days