add documents
This commit is contained in:
28
SECURITY.md
Normal file
28
SECURITY.md
Normal file
@@ -0,0 +1,28 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Use this section to tell people about which versions of your project are
|
||||
currently being supported with security updates.
|
||||
|
||||
| Version | Supported |
|
||||
|---------|--------------------|
|
||||
| v1.x.x | :white_check_mark: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you find a security vulnerability affecting any of our supported projects, please
|
||||
email [edward@cheng.sydney](mailto:edward@cheng.sydney), rather than opening a public issue on GitHub. After receiving
|
||||
the initial report, we will endeavor to keep you informed of the progress towards a fix and full announcement. We may
|
||||
ask you for additional information. You are also welcome to propose a patch or solution.
|
||||
|
||||
Report security bugs in third-party modules to the person or team maintaining the module.
|
||||
|
||||
## Coordinated Disclosure
|
||||
|
||||
We aim to patch confirmed vulnerabilities within 30 days or less, disclosing the details of those vulnerabilities when a
|
||||
patch is published. We ask that you refrain from sharing your report with others while we work on our patch.
|
||||
|
||||
We may want to coordinate an advisory with you to be published simultaneously with the patch, but you are also welcome
|
||||
to self-disclose after 90 days if you prefer. We will never publish information about you or our communications with you
|
||||
without your permission.
|
||||
Reference in New Issue
Block a user