|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Supported Versions |
| 4 | + |
| 5 | +| Version | Supported | |
| 6 | +|---------|--------------------| |
| 7 | +| 2.1.x | :white_check_mark: | |
| 8 | +| 2.0.x | :x: | |
| 9 | +| 1.x.x | :x: | |
| 10 | + |
| 11 | +## Reporting a Vulnerability |
| 12 | + |
| 13 | +We take the security of our software seriously. If you believe you have found a security vulnerability, please report it |
| 14 | +to us as described below. |
| 15 | + |
| 16 | +**DO NOT CREATE A GITHUB ISSUE** reporting the vulnerability. |
| 17 | + |
| 18 | +Instead, send an email to [[email protected]](mailto:[email protected]). |
| 19 | + |
| 20 | +In the report, please include the following: |
| 21 | + |
| 22 | +- Your name and affiliation (if any). |
| 23 | +- A description of the technical details of the vulnerabilities. It is very important to let us know how we can |
| 24 | + reproduce your findings. |
| 25 | +- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This |
| 26 | + will help us evaluate your submission quickly, especially if it is a complex or creative vulnerability. |
| 27 | +- Whether this vulnerability is public or known to third parties. If it is, please provide details. |
| 28 | + |
| 29 | +If you don’t get an acknowledgment from us or have heard nothing from us in a week, please contact us again. |
| 30 | + |
| 31 | +We will send a response indicating the next steps in handling your report. We will keep you informed about the progress |
| 32 | +towards a fix and full announcement. |
| 33 | + |
| 34 | +We will not disclose your identity to the public without your permission. We strive to credit researchers in our |
| 35 | +advisories when we release a fix, but only after getting your permission. |
| 36 | + |
| 37 | +We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your |
| 38 | +contributions. |
0 commit comments