Security Policy

Supported Versions

We are committed to maintaining the security of our software. However, our resources are limited to providing security patches only for the latest combination of minor and major versions of our software, without any warranty or support guarantees. Please refer to the provided license for more information.

Reporting a Vulnerability

We take the security of our software seriously. If you believe you have found a security vulnerability in our software, we encourage you to report it to us as soon as possible. Please follow these steps:

  1. Do Not Publish the Vulnerability: Publicly disclosing a vulnerability can put the entire community at risk. We ask that you do not share an unresolved vulnerability with third parties or publicize it.

  2. Report Confidentially: Please email us at [email protected] with the details of the vulnerability. The report should include:

    • A description of the vulnerability and its potential impact.
    • Steps to reproduce, or a proof of concept (PoC).
    • Any relevant screenshots or output.

  3. Response and Collaboration: Our security team will review your report and may contact you for further information. Once the vulnerability is confirmed, we will work with you to assess and understand its impact and develop a mitigation or fix.

  4. Acknowledgment: After the vulnerability has been resolved, we will acknowledge your contribution in our release notes, unless you prefer to remain anonymous.

Security Patch Release Process

When a vulnerability is discovered, either through internal processes or via an external report, the following process will be followed:

  1. Vulnerability Assessment: Our security team will assess the severity and impact of the vulnerability.

  2. Patch Development: A patch will be developed for the latest supported version.

  3. Release and Notification: Once the patch is ready, it will be released as part of a new version. We will notify users of the need to update through our communication channels (e.g., repository release notes).

  4. Backporting: In exceptional cases, where a vulnerability has a high impact, we may consider backporting the patch to earlier versions. This decision will be made on a case-by-case basis.

Thank you for helping us keep our software secure.


This policy is subject to change at the discretion of the project maintainers.