From 6e73d3232f3fa65af038c585976041cd791fbccc Mon Sep 17 00:00:00 2001 From: Maciej Urbanski Date: Sun, 14 Jul 2024 21:11:09 +0200 Subject: [PATCH] security policy --- SECURITY.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..4c67b38 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,51 @@ +# Security Policy + +## Overview + +We value the contributions of the community and welcome any input on potential security issues. +To ensure the safety of our users, we encourage following responsible disclosure practices described in this document. + +## Supported Versions + +Only the latest release version is supported. +We use SemVer and encourage to pin only to the major version of our software and update to the latest minor and patch versions regularly. + +## Reporting a Vulnerability + +If you discover a security vulnerability in our repository, we encourage you to report it to us as quickly as possible. +Please do not publicly disclose the details of the vulnerability until we have had a chance to address it. + +### How to Report + +1. **Email**: + Send an email with vulnerability description to . + + Please use the following template: + + > ## Description of the vulnerability + > + > ## Steps to reproduce + > + > ## Potential impact + > + > ## Any potential fixes or mitigations + > + > ## How would you like to be attributed in the public changelog + > + > e.g., name, email, or GitHub handle + +2. **Response Time**: + We will acknowledge your report within 30 days and provide a timeline for fixing the vulnerability. + +3. **Updates**: + We will keep you updated as we work on a fix. + You may be asked to provide additional information or clarification. + +4. **Disclosure**: + We follow a coordinated disclosure process. + Once a fix is implemented, we will release it and publicly disclose the details of the vulnerability along with credits to the reporter. + +## Security Updates + +Security updates will be communicated through our repository's release notes. +Please ensure you stay up-to-date with the latest releases to protect your environment.
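
Review bot: In step 1 of "How to Report", the line "Send an email with vulnerability description to ." names no address, so as written the policy asks reporters not to disclose publicly while giving them no private channel to report through; fill in the contact address before merging. In step 2, "We will acknowledge your report within 30 days" is a long wait for a first acknowledgement, and step 4 gives no time bound for the coordinated disclosure itself, so consider a shorter acknowledgement window and a stated target for fix and disclosure. Minor wording in "Supported Versions": "encourage to pin" needs an object, e.g. "encourage users to pin".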