Skip to content

Latest commit

 

History

History
68 lines (43 loc) · 2.16 KB

SECURITY.md

File metadata and controls

68 lines (43 loc) · 2.16 KB

Security Policy

Purpose of the Policy

The purpose of this Security Policy is to ensure the security of our project and maintain the trust of the community.

Who is Affected by the Policy

This policy applies to all members of our project community, including developers, testers, repository administrators, and users.

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
2.0.x
< 1.2.0

Development Recommendations

Best Practices

  • Follow secure coding principles.
  • Use well-established libraries and frameworks.
  • Regularly update dependencies.
  • Conduct thorough testing, including security-related tests.

Unrecommended Practices

  • Do not use known vulnerabilities that have not been patched.
  • Do not publish sensitive information such as API keys or passwords.
  • Do not vote for changes that degrade the security of the project.

User-Generated Content

  • Ensure that user-generated content does not contain hidden threats.
  • Be cautious when handling user data.

Community Interaction

  • Treat each other with respect and politeness.
  • Do not spread spam or spam bots.
  • Follow community guidelines.

Vulnerability Discovery and Reporting

  • If you discover a vulnerability, report it as an issue on GitHub.
  • Your report should contain detailed information about the vulnerability, including steps to resolve it.

Reporting Method

To report a vulnerability, create a new issue on GitHub and use branch isolation to provide details about the vulnerability.

Details to Provide

Please provide the following information about the vulnerability:

  • Description of the vulnerability
  • Steps to resolve the vulnerability
  • Versions on which the vulnerability was found
  • Code examples illustrating the vulnerability (if it is safe to do so)

Expected Behavior

  • If we accept the reported vulnerability, we will release a patch and update the security information on GitHub.
  • If we reject the reported vulnerability, we will provide an explanation.