# Security Policy

## Supported Versions

Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported |
|---------|--------------------|
| v1.x.x | :white_check_mark: |

## Reporting a Vulnerability

If you find a security vulnerability affecting any of our supported projects, please
email [edward@cheng.sydney](mailto:edward@cheng.sydney), rather than opening a public issue on GitHub. After receiving
the initial report, we will endeavor to keep you informed of the progress towards a fix and full announcement. We may
ask you for additional information. You are also welcome to propose a patch or solution.

Report security bugs in third-party modules to the person or team maintaining the module.

## Coordinated Disclosure

We aim to patch confirmed vulnerabilities within 30 days or less, disclosing the details of those vulnerabilities when a
patch is published. We ask that you refrain from sharing your report with others while we work on our patch.

We may want to coordinate an advisory with you to be published simultaneously with the patch, but you are also welcome
to self-disclose after 90 days if you prefer. We will never publish information about you or our communications with you
without your permission.