Please make any reports of security issues to security@imageoptim.com
Types of exploits we're most interested in:
- arbitrary code execution on the servers of imageoptim.com or im2.io,
- disclosure of security-sensitive files, such as private keys or non-public source code on imageoptim.com or im2.io,
- disclosure of databases or private customer information (except: usernames are public, and we do validate whether an e-mail address is already registered),
- unauthorized modification of files served by the service (cache poisoning, etc.).
Example issues that are low priority and generally out of scope:
- any attacks involving phishing,
- MITM of insecure protocols such as HTTP or SMTP,
- DoS caused by large number of requests or large files,
- theoretical attacks on hash functions,
- disclosure of file paths on the server,
- lack of DNSSEC or DMARC.
ImageOptim is committed to ensuring the privacy and safety of its users. If you think that you have discovered a security vulnerability on our website we would appreciate your help in disclosing the issue to us. Please do this responsibly by giving us the opportunity to investigate and fix the vulnerability before publicly disclosing it. We treat security vulnerability reports as high priority and will validate and fix any vulnerabilities in accordance with our commitment to security and privacy.
If you comply with the following policies when reporting a security vulnerability to ImageOptim, we will not instigate any legal action against you in response to your report. You are requested:- to give us reasonable time to investigate and mitigate the issue reported by you before you publicise that report or share details about it with others;
- not to interact with another Account if the account owner has not consented to such actions;
- to use all reasonable efforts to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of the ImageOptim Service; and
- not to exploit any security vulnerability which you discover for any reason.
-----BEGIN PGP PUBLIC KEY BLOCK----- Comment: Subkey ID B357EA78 mQINBFenVNEBEADKDs8q9M9j/Vq4mmvcAwSOa7gBWGUFHKE57szfyjpufW12smTS 9M7UAxhwCGjqkO9ER0ChC1AxQWuNBnLzjI/F/ut1FM42V8xDgd+e/LAN/jc9Zq6g ZPM+Ei/1gvYBAfzcxstp5KhyIPiCzL1bMAYKGKcP1FQ0qlqyt2ILKuQoZ4xEs3bP odsLGzUMS+ixVJk6RBQTDCxd1vfJU2tzkb6ek79GhRtqM5A30l56WtRwAqnDVJvo o14nS4qz92LgiGL8Kj58EISh8vDqQs/Iw6EVcKf/f6elJ2u47qzQtx+2UDXNt8S5 l0h48tTq0inGZJln+kZVHmIDNWw4PkScGdMsPTp9z0RTM6lcTtfELWBXPUcMkdd1 2xJBMu3ndRBR1ncy6u71NBqTk+lQx/kgnzW2bMB53vpsi0xdHxouTPZ4nXsqvT2f oAgG3IF+V00Qqujg8kBmkabxpq49de7RyE0MriaaV+nNb6apYtkUYwIS+1KZCtG/ xM4Xwf1l+1F/3dI2EjJtd3D3/ZDLXZmgNxMGlCUYbO4DxN1aU3R0pEKaRYBQsYEM 6wURptt89kXrsLsspIpsn0x80abmeniIcKWE+jFZfqVStnC6cpw0SpPcsgML4vM7 n/xriUuKq55pMC5KreRXVAg5GzrISJpl8IRMIfArN5pkfn6P5OxZzOt2uQARAQAB tDNLb3JuZWwgTGVzacWEc2tpIChtYXN0ZXIpIDxzZWN1cml0eUBpbWFnZW9wdGlt LmNvbT6JAj0EEwEKACcFAlenVNECGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQAC HgECF4AACgkQOkf/ZUqTQxEOyw//aR+bCH3ZiiZc/4gfDBK60BX91jIcsv25/wwA kGWWKaGqGItkOSrSyVaVNv4Owr3X9GF9YvZtC1q6Qj3eQayYM7kT1mHqbRLb9FHo zIK3zplSZ+wNblRBLcIbR7blCgnCl30O/ofnLd1oMIIQB3BxR/fb+fQBSoQgY7/y FZAP4stJJSoZ+tERyIp7Rc8T8tFm1iU8VDLaIzz1ZA/mtd6vWtAn15KcOIGwrMhU C6tjyFvdMEx6tuYOLCMmqaBhIvbpnvKwxP6rlAxgY34+xRZz5LoLMpVcnbdxt4Hk FOOkQlIjTVYKopdyKh/X6Wp4C0VKTnElERX7ohiDDMQYoaujZoOSeAPfxPtFgBtg IZZpVgwSJjCaZUfl41VA7wrKUa7z042l8PtSqkoUZKfR8Rl411a9xO3UOowWb1K5 wyw3QKq4F7mYaEP4KGAXCnY2UUPCL8p8b4w/Hbns5DEUiUYq5Z9ugmNCCCwYogOB jaPOCGJqs49PUeHXnbOkfEKrSEYiqGv+pvHycNg2hkgzHzm5UJPNzs1AVzQyNwQi o1ztWl7Azywm3c/x/8sdn2r8YG7eFqCChvauru+4IB1ayWl+fIKQYEZY276inBgS HKdgu+wFvV6KJdIt/vlq3HtAQI4toMpB8inIon5TyA/f03L0si8I/hUCLLm2s8xI RRR09XOJAiIEEwEKAAwFAlenVcMFgweGH4AACgkQrrrb1D3lWy5NYA/9Evj0lglt bljzNjLurD3jbgtv9oHuoLS0nkkrvYu8gH1c02zofSIh752Q3ZnE1thJPoB5Rlmy NypcqIpvcIJF8tiTj74p/V+uTA0e2fO4d+Zy9YT4rxuDCPtZvYENbonUk0MbHQNg N2tp8qd7BLSRQy1Bt8Bblpyv/q7qC9WGUy7GB7lXLJwZG6Ke9Op+KEA68N7cp2Ri H1G7DYcG+gnEeRe2UGK4cyRqs5xYsD2+u/nf4UZHlzD9QSvFgotF3sIt6BPSELug tXmsG+OUtj7s0LwCeJ9eSU8wqsnQNJ5ucaZ0rgZoQXz3mgsC/Pjl1UjMRkc7uLOF kMV+TMPp3z8IFUDpCHfu6ri+G0wo5c1jF+ZfB8oXWyDQrNNmqQBY4BoxCXL9ChDx NrXYE8vX1JCZvxLJOOYbUCrvfQXHHfhOeuFCeNQ0kzzwXPARTv7KgChp/pAT6Iol 2goAqupcg2MQqOoUJr9R6mG6ijziRKPSbVTHBWHhH2zoYNXdWfK05cFWnnABjDNh VGcxZWR8/6Rn54Vb2xPYug3p2Fa2UC6/FNf3ZTv2L+CcDrWAU5jaZIZ8Enqb+LDQ 3E5OOsX+Q750Ia5uiOGGQjUY99v0XP+dqKO8HBd7WNkujrlFIfaGVbSlMHvOSx3H aU545qH+uRiVkAjVlEpEE9wbP7WqBh7PHOK5Ag0EV6dU0QEQAL3rErGp68yCvaL6 h6+LsY/dlSL8aP3wTp2Ljo0Cf7NE12u9o0DLDknheOZXuoMgirIKmoBF1zmP/Lwg TELo7Zg5EaEQMJDB+6UiBtz2N/9rlLu0O2iCj4JYB+wpNJan/kuygRtjWUHdKGMa fFvosQZaEEb6W/Sp5Vf0nJ1n53kkJYH/Hck4o2+Q5vMW03FYBU72FlAzemcy9gjs aqwSGrHbauAR8oERPtKe6efP0uoWdZMFTwHb33uLLHvLKiGOmDhaUKEOrIydIxeE QSrz8JdldlrN/mbYfMGJoZPVaa4yBrQBNWLC1ZVnnHmSSCIzeraskbw7/qiAC3+u 4tX2Sdiyzed0pik2HRzEmV0f9CQD5GJQvAekY3rKtJdcFSPGVlpFJGGy1Vr0uBgO oMicTADJgJDvC6604o195FQRYkIAYifFwtglCMFc8gqObIupokcEkgChdmew+6ZK I5yZA6argUDyLMx5k5TL5fRJGlPqKuRlI513WjbnCWH1PimNZAJ+GF75ED2oYtm6 CTb3SXrFPlUgTCXpQQb/P/hcWTIwcAI4JN18/tyyBOtiPkLyVQ0m5kzTYwZeDelA 2wUMQlkzPUL5U763gNQidAMtN4sDbLKnaViaoCkgsa4Bhm+nH5SKyyjvG5cgPRfI 5Se3V7IbsgtSwSJYpFelbYD1Y1GzABEBAAGJAiUEGAEKAA8FAlenVNECGwwFCQeG H4AACgkQOkf/ZUqTQxE4xhAAm0h9UNnOzpVZsqvrmPSa5laKxxN1w2UiCg8iwgmG +GXHzo1IYkhGOoBQbjbZsQinqzHmZGPC7jnxWIklNF0E8ozIlgXJHllvqBLJv7rr bXFDa5yQBwnwraogttdfB5swSjmZMiB2tmASH6HXRk3Udt1R+4pM0rXRLf1x/aZ2 +d/yCvDzFH0ymSH17bXThuqJst9+By3CdP95V4p1ZjCkXMYGuhj4euhf3g3yrmvG B4juMHycSjUkwo5V2hBath57J+j4YswvsNGEIGGOnNfxN7gkmrha78GK4GRYYV0x H0zU370V6JeunAEd18YIqzVPCEAmp8y6fvsZAQx9gdvXV/xKzx+3hs7VoEj4OVj9 xIAwqQnHEPTmaNw90GYlyCIDiZfNK8JZPeCEiTkJsiHGwEotbKLOUqBPehfuInen 1V2GOAmlX1S2eYviYuB8g+Zd1oCr4KDAIi3N5EPsCl/wgOVqI4Zms7cB2LtxN004 vEHSzODF4JXFJ4tIaMnPCmWiU80XrBOGPQqgrXKA1jeoZR+k4EgrPdhOPkPxaMhy ccUI/h1+xlMxs72HuveJkQjFlTAtG8DqObjnxKKlgbmf/UGlleI/22Bk6rCIpEAE cST6W9kk5lG+y5y+2h5FavIYtKNN6ruifVwiJvbsHFAs03y8Yr5+U6BDSMjmx454 /He5Ag0EV6dU+AEQAM/o3tLWjwr8EPMj9hpit/nFH9R6IOh0BWovbHPEvndRceqC 1tfJh4FiT9sYeaTIBPEmkxTOS+5paEg+Kve1aU9VK/jQq0pcVWJAqw9MKpHXHfse 585NsGwT8KeZnq2F7iw/W9W1PH3rt5w0nHGWm+Dy35IyQh8J9rsKoSVE+u9i4yhe nplqLiv9RgI3Qjfn421QikLZE7y6s7DUswuJYiUI1eba9dpFIjmufmO0n+QfFMQQ 9NULKFJrNkBGYH5490q7b5XlozUWElwKfaownCLqSVCN3oHZ8L02YsTLkGUhHrvz ev6ffhPur0UhziLPDkWgNlW6w0Sm5h51ynQV8uzEfOMzTw/kjVFvQf+Q4qS4O9LS 0ycacVU8pAO2B7BP06tAiXLZAlsG8n9WatE9KEHiPGizjhz7gXy/Fqg0dzFBCJ+2 HLfFbr8R3SUF0EyIzHLvMXxlbsy27NKwfX1ADiEbYxoBKtD2p2xKtnqek8jwYZ3f dR9oCWfb68Zv6KuDe1vYn7eO9s/e82tvnkCIjcpXJ/5QuXPqCs2DMWLZtuTVRtdS x5A4772qyO+3ju4p/GCSO1k4k1GPlb0YBOJNnxXl88MEB8Q90HuxFbuTMrFOcQty BLVjvGHShnPY9HO4vtmAIptKxEFb9JbI55oW40z/hHCTyXYgmAI6Zq8SvA+XABEB AAGJAiUEGAEKAA8FAlenVPgCGwwFCQPDuIAACgkQOkf/ZUqTQxGNHw//VOPZ9diM jT20IoZz7TOn3dswFK772TfCSF91dR4itBA/ehWfSsDqRkk3vT8pKwzZoS9gqpup F4LY26uhHQ5NnR4zeWxonDR7xde0qViTlHxHbicPvb98DBhjDfyzhomTd3Q3LZ9n +WEFFcfHJ547VjjIfG8dXaWSuEaIwC0R3Ziej1p91uW9ajvoMJD+17ts+C07PB4R st2WLvDGxgboRz/Im9z1GuuV4EeNdCFrRlgMTrPuGY4ay3IKRR1vBoco+he79e4o 3d4CZcpc/515uxep5RVXurKAeeuEcMe0YzyO7qWtETxAOzlHJR5X6c88r7YsB/jV wJTydpOHjyHCq2gOBS3OmXHZ19kG8wXuH4QDx/KbWVQ3Om29n09kkZGOouy+nfsH 4IR37QYWTiBDo98GfloEV0Y4wG99CTnypvco6wsa0KD8b1Jl52RoZh58dIasn2Np rjBIBv8VHGIzRRCUobSXOHOQ0X0ImICWzX5fF8acCGDTrrMZfYWe8MSP3lRMURlt BS5n76BaQqYO6Pt3bOrJv0xaZ83K5ToSkP3HKgOWUpm8nsgToaMv8JOetCbnxqh9 UoV+TBc7oMaHX79O3D1Cbq0V/nx/n5FwAQotOKf3zXI53oKX1VZfR2PNMQH/4q5Z mvzgKZ8PLp8tT/zrj8qojBVYZnc/W74bpzw= =ftO7 -----END PGP PUBLIC KEY BLOCK-----