Skip to content

Security: YisusChrist/.github

Security

SECURITY.md

Security Policy

Supported Versions

At the moment the project only considers the very latest commit to be supported. We combine that with our fast response to incidents and the automated updates to minimize the time between vulnerability publication and patch release.

Version Supported
master
other commits

In the near future we will introduce versioning, so expect this section to change.

Reporting a Vulnerability

If you discover a security vulnerability within this repository, we encourage you to report it as soon as possible to help us address the issue promptly.

How to Report

Important

Do not submit an issue or pull request: this might reveal the vulnerability.

Instead, you should:

In case none of the above methods work, you can create an issue following these steps:

  1. Raise an Issue: Go to the Issues section of this repository.
  2. Title: Use a clear and descriptive title such as "Security Vulnerability Report".
  3. Description: Provide a detailed description of the vulnerability including:
    • Steps to reproduce the issue.
    • The potential impact of the vulnerability.
    • Any relevant details or context that can help us understand the issue better.

We will deal with the vulnerability privately and submit a patch as soon as possible.

What to Expect

  • Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
  • Assessment: We will assess the report and determine the severity and impact.
  • Resolution: We will work on fixing the vulnerability as soon as possible. Depending on the complexity, this might take some time.
  • Notification: We will notify you once the vulnerability has been resolved.

Responsible Disclosure Policy

To ensure the protection of our users, we kindly request that you:

  • Allow us a reasonable time to fix the vulnerability before making any details public.
  • Avoid exploiting the vulnerability in any way.
  • Provide us with sufficient details to understand and resolve the issue effectively.

Thank you for helping us keep our project secure!

There aren’t any published security advisories