If you discover a security vulnerability in Abblix OIDC Server, please report it responsibly.
Do NOT:
- Open a public GitHub issue
- Discuss the vulnerability in GitHub Discussions or any public forum
- Publish details before the issue is resolved
Instead, email us directly at support@abblix.com with:
- Description of the vulnerability and its potential impact
- Steps to reproduce (environment, configuration, request sequence)
- Any proof-of-concept code, if available
- Acknowledgement — within 24 hours of your report
- Investigation — our security team will assess severity and begin working on a fix
- Progress updates — we will keep you informed as we work toward resolution
- Coordinated disclosure — once resolved, we will coordinate with you on public disclosure to ensure all users are informed and protected
In the event of a confirmed data breach affecting Abblix Account (our hosted identity provider):
- Users and the relevant authority of the Republic of Kazakhstan will be notified within 72 hours of discovery, as required by law
- Notification will include the nature of the incident, measures taken, and recommended user actions
We will not take legal action against researchers who report vulnerabilities in good faith and follow this policy. We ask that you:
- Allow reasonable time for us to investigate and address the issue before any disclosure
- Make a good-faith effort to avoid accessing or modifying other users' data
- Do not degrade the availability of our services during testing
Security updates, patches, and advisories are published on:
- Security reports: support@abblix.com
- General inquiries: info@abblix.com