This document outlines the security procedures and general policies for the tktchurch/website project.
We are committed to resolving all security issues in a responsible and timely manner. The table below indicates which versions of our project are eligible for receiving security updates:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
If you discover a security vulnerability, please refrain from logging it as a public issue and instead send us a confidential report. Here's how you can reach us:
- Send an email to [email protected]
- Expect a reply within 48 hours confirming receipt of your message
- We'll investigate the issue and strive to keep you informed about our progress towards resolving it
- We'll aim to promptly fix the issue and engage with you for coordinating public disclosure
When reporting a vulnerability, please provide as much information as possible to help us understand the nature and scope of the vulnerability. This should include:
- Detailed steps to reproduce the issue or a proof of concept
- Your view on the impact and severity of the issue
Thank you for helping us ensure the security and privacy of our users.
A public disclosure date is negotiated by the tktchurch security team and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available. We believe that public disclosure of vulnerabilities with a practical mitigation in place is in the best interest of user security.
Please refrain from sharing your report with others until we've had a chance to diagnose and offer a resolution.
Failure to comply with this policy may result in suspension of your access to our resources, which we may lift once we've had a chance to review your compliance with our policies.
Thank you for helping keep the tktchurch/website and its users safe!