Skip to content

Latest commit

 

History

History
23 lines (15 loc) · 880 Bytes

SECURITY.md

File metadata and controls

23 lines (15 loc) · 880 Bytes

Security Policy

Supported Versions

Security updates are applied only to the most recent releases.

Reporting a Vulnerability

To securely report a vulnerability, please visit https://hackerone.com/eslint.

Please do not file a GitHub issue for a vulnerability.

Vulnerability Process

  1. Your report will be acknowledged within two business days.
  2. The team will investigate and update the issue with relevant information.
  3. If the team does not confirm the report, no further action will be taken and the issue will be closed.
  4. If the team confirms the report, the team will take action to fix it immediately:
    1. Commits will be handled in a private repository for review and testing.
    2. Release a new patch version from the private repository.
    3. Write a blog post disclosing the vulnerability.
    4. Notify Tidelift about the vulnerability.