Skip to content

Latest commit

 

History

History
21 lines (13 loc) · 1.36 KB

SECURITY.md

File metadata and controls

21 lines (13 loc) · 1.36 KB

Security Policy

Reporting a Vulnerability

You can report any security bugs found in the source code of this plugin through our Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification, CVE assignment and take care of notifying the developers of this plugin.

Responding to Vulnerability Reports

Emilia Projects takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. Patchstack will work with you and us to deal with the security issue as best as possible.

Disclosing a Vulnerability

Once an issue is reported, Emilia uses the following disclosure process:

  • When a report is received, we confirm the issue and determine its severity together with Patchstack.
  • If we know of specific third-party services or software that require mitigation before publication, those projects will be notified.
  • An advisory is prepared (but not published) which details the problem and steps for mitigation.
  • Patch releases are published and the advisory is published.
  • Release notes and our CHANGELOG.md will include a Security section with a link to the advisory.

We credit reporters for identifying vulnerabilities, although we will keep your name confidential if you request it.