Commit
1 parent 0b76e4a, commit 045d80d

Showing 1 changed file with 52 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# Security Policy | ||
|
||
## Overview | ||
|
||
We value the contributions of the community and welcome any input on potential security issues. | ||
To ensure the safety of our users, we encourage following responsible disclosure practices described in this document. | ||
|
||
## Supported Versions | ||
|
||
Only the latest release version is supported. | ||
We use SemVer and encourage to pin only to the major version of our software and update to the latest minor and patch versions regularly. | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you discover a security vulnerability in our repository, we encourage you to report it to us as quickly as possible. | ||
Please do not publicly disclose the details of the vulnerability until we have had a chance to address it. | ||
|
||
### How to Report | ||
|
||
1. **Submit vulnerability report**: | ||
|
||
Please use [Report a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) functionality of this GitHub repository. | ||
|
||
Please use the following template: | ||
|
||
> ## Description of the vulnerability | ||
> | ||
> ## Steps to reproduce | ||
> | ||
> ## Potential impact | ||
> | ||
> ## Any potential fixes or mitigations | ||
> | ||
> ## How would you like to be attributed in the public changelog | ||
> | ||
> e.g., name, email, or GitHub handle | ||
2. **Response Time**: | ||
We will acknowledge your report within 10 days and provide a timeline for fixing the vulnerability. | ||
|
||
3. **Updates**: | ||
We will keep you updated as we work on a fix. | ||
You may be asked to provide additional information or clarification. | ||
|
||
4. **Disclosure**: | ||
We follow a coordinated disclosure process. | ||
Once a fix is implemented, we will release it and publicly disclose the details of the vulnerability along with credits to the reporter. | ||
|
||
## Security Updates | ||
|
||
Security updates will be communicated through our repository's release notes. | ||
Please ensure you stay up-to-date with the latest releases to protect your environment. |
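
Review bot: The embargo has no upper bound. "Reporting a Vulnerability" asks reporters not to disclose "until we have had a chance to address it", and step 4 discloses "Once a fix is implemented", so a reporter cannot tell what happens if a fix stalls; consider stating a maximum disclosure window and what the reporter may do once it passes. In step 2, "within 10 days" should say whether these are calendar or business days, and the policy should say what a reporter should do if no acknowledgment arrives in that time. Step 1 names the GitHub "Report a vulnerability" feature as the only channel; a fallback contact would cover the case where private vulnerability reporting is not enabled on the repository or the reporter cannot use it. "Supported Versions" says only the latest release is supported but "Security Updates" does not say whether fixes ship as a patch release on the current major, which matters to users who follow the advice to pin to the major version. Style: "encourage to pin only to the major version" reads better as "encourage pinning only to the major version".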