Skip to content

Security: gamboz/janeway

Security

SECURITY.md

Security Policy

Supported Versions

We currently only support one major version of Janeway. The master development branch becomes the next major release of Janeway and receieves security support. Security issues that only affect the master branch and not any stable released versions can be reported as Bugs and are fixed in public. Security vulnerabilities that effect a support branch, listed below, should be reported using the details provided under Reporting a Vulnerability.

Version Supported
1.3.x ✔️
<1.2.x

Advanced Notification

The full list of people and organizations who receive advance notification of security issues is not and will not be made public.

On a case by case basis we may notify individuals and organisations who collaborate in the development of Janeway.

Reporting a Vulnerability

If you detect a serious security vulnerability you should report it to us directly via email to [email protected]. Please provide where possible:

  • a brief description of the vulnerability
  • the website, page or repository where the vulnerability can be observed
  • any other documentation that may assist in fixing the issue

We will follow this process:

Activity Days From Initial Report
Acknowledge Initial Report 1 day
Provide Initial Assesment to Reporter 5 days
Create and Test Fix 14 days
Publish Security Advisory on Github 21 days

Some content adapted from [Django Security Policy]

There aren’t any published security advisories