Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 27 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Security Policy | ||
|
||
Your security is very important to us. We believe in the benefits of open source and also in strong security; this document provides guidelines for how to report and handle vulnerabilities. | ||
|
||
## Supported Versions | ||
|
||
We provide security updates only for the most recent version of our project, and the prior major release. Older releases are not supported with security updates. Please ensure you're using one of the supported version ranges to receive security updates: | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you discover a security vulnerability, please refrain from creating a public issue on GitHub. Instead, please create a **new issue** and use the **label "security"** to tag it. This gives us a chance to fix the issue and create an official release prior to the issue becoming public. | ||
|
||
When reporting a vulnerability, please provide the following information: | ||
|
||
- Detailed description of the vulnerability | ||
- Steps to reproduce the issue | ||
- Any known impact | ||
- Any possible solutions or mitigations | ||
|
||
We will review the issue in the most timely manner possible and strive to communicate regularly about the status of the vulnerability, such as whether it's accepted, fixed, or declined. | ||
|
||
## Policy on disclosed vulnerabilities | ||
|
||
When a reported vulnerability has been addressed, we will create a security patch release and add a post to our website detailing the issue and the solution, without exposing sensitive information or any details that could lead to exploitation of the vulnerability. |
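
Review bot: The "Reporting a Vulnerability" section contradicts itself: it asks reporters to refrain from creating a public issue on GitHub, then tells them to create a **new issue** with the label "security". An issue on a public repository is readable by anyone regardless of its label, and reporters without triage rights usually cannot apply labels, so this route discloses the details before a fix exists. Replace the issue instruction with a private channel, for example GitHub's private vulnerability reporting or a dedicated security contact address. Separately, the "Supported Versions" table has a header and separator row but no version rows, so "one of the supported version ranges" refers to nothing; list the versions or drop the table. The page also flags this file as containing bidirectional Unicode text, so inspect it in an editor that reveals hidden characters before merging.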