Skip to content

Security: AristurtleDev/monogame-aseprite

Security

docs/SECURITY.md

Security Policy

If you have discovered a security vulnerability in any of the AristurlteDev projects, please report the vulnerability privately to [email protected]. We ask that you do this privately and allow us a chance to patch the vulnerability and push an update for existing users. After a security vulnerability is reported and verified, our policy is to perform the following:

  1. Patch the release branch of the repository in question to eliminate the vulnerability
  2. Issue a new security fix release of the current version
  3. Issue a public statement through the following channels
    • If the project has a public website, a statement will be issued on the home page of the site for the project
    • If the project has a discord server, a statement will be issued on the discord server of the project.
    • A public statement will be issued on the AristurlteDev Twitter account.

How to Report a Security Vulnerability

Please report any security vulnerabilities privately to [email protected]. Once reported, we will work with you on verifying the vulnerability.

When reporting a security vulnerability, please provide the following information. You can copy/paste the following as a template

1. The name of the project or GitHub repository that contains the security vulnerability.
2. A description of the vulnerability
3. Steps that can be used to recreate the vulnerability.
4. Any additional information you may think is relevant (no matter how small).

There aren’t any published security advisories