v4.0 Bug Hunt

[hueniverse]

The last 3 major releases of joi included a significant re-factoring of the validation logic. These included changing schema types to immutable objects, adding cross key references, and conditional rules.

A Validation module is only as good as its tests and extensive usage. False positives or missing negatives can lead to application instability or security threats.

We are announcing a $2500 bug hunt!

The rules are simple:

• Find a validation bug in version 4.0 or newer that leads to the module either failing to error on invalid inputs or identifying a valid input as invalid. Other bugs should still be reported but are not part of this program.
• Send a pull request adding a failing test which shows the problem. Prefix the title of your pull request with Bug Hunt:. Do not include a fix in the pull request, only the test code needed to show the bug.
• Each pull request will be evaluated in the order it was received and verified. If the bug is confirmed, and has not been already reported or fixed, it will be accepted and the reward paid.
• Bug confirmation and acceptance are at the sole discretion of the Spumko team without any appeals allowed. This might sound harsh but it is the only way we can keep the rules simple.
• Each confirmed report will award its finder a bounty on an increasing scale:
  • the first 15 reports will be awarded $50 each
  • the next 10 reports will be awarded $75 each
  • the next 10 reports will be awarded $100 each
  • after 35 confirmed reports the program will conclude and no further awards will be granted.
• Award payments will be made within 60 days of bug confirmation and will be made via PayPal, Visa, or American Express gift cards.
• Walmart employees are excluded from participating.

Please ask any questions you have before participating!

[hueniverse]

This program is now closed. Any pending or confirmed findings reported prior to this announcement will be honored. Thank you for participating.