# Security

## Reporting Potential Security Issues

If you have encountered a potential security vulnerability in this project,
please report it to us via the discussion channel or at <[email protected]>. We will work with you to
verify the vulnerability and patch it.

When reporting issues, please provide the following information:

- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the
project contributors a chance to resolve the vulnerability and issue a new
release prior to any public exposure; this helps protect the project's
users, and provides them with a chance to upgrade and/or update in order to
protect their applications.

## Policy

If we verify a reported security vulnerability, our policy is:

- We will patch the current release branch, as well as the immediate prior minor
  release branch.
- After patching the release branches, we will immediately issue new security
  fix releases for each patched release branch.
- A security advisory will be released on the project website detailing the
  vulnerability, as well as recommendations for end-users to protect themselves.

Security advisories will be listed at https://getlaminas.org/security/advisories,
as well as via a [feed](https://getlaminas.org/security/feed) (which is also
present in the website head for easy feed discovery).