Skip to content

Latest commit

 

History

History
29 lines (24 loc) · 1.54 KB

SECURITY.md

File metadata and controls

29 lines (24 loc) · 1.54 KB

Security Policy

Reporting a Vulnerability

When you should?

  • You think you discovered a potential security vulnerability.
  • You are unsure how a vulnerability affects this application.
  • You think you discovered a vulnerability in another project that this application depends on. For projects with their own vulnerability reporting and disclosure process, please report it directly there.

When you should not?

  • You need help tuning application components for security
  • You need help applying security-related updates.
  • Your issue is not security-related.

Please use the below process to report a vulnerability to the project:

  1. Email [email protected]
    • Emails should contain:
      • description of the problem
      • precise and detailed steps (include screenshots) that created the problem
      • the affected version(s)
      • any possible mitigations, if known
  2. You may be contacted by a project maintainer to further discuss the reported item. Please bear with us as we seek to understand the breadth and scope of the reported problem, recreate it, and confirm if there is a vulnerability present.

Supported Versions

Versions follow Semantic Versioning terminology and are expressed as x.y.z:

  • where x is the major version
  • y is the minor version
  • and z is the patch version

Security fixes, may be backported to the three most recent minor releases, depending on severity and feasibility. Patch releases are cut from those branches periodically, plus additional urgent releases, when required.