Skip to content

Security: JARVIS-discordbot/Red-DiscordBot-jarvis

Security

SECURITY.md

Security Policy

Supported Versions

The table below explains the current state of our versions. Currently, only version 3.5 and higher are supported and receive security updates. Versions lower than 3.5 are considered End of Life and will not receive any security updates.

Version Branch Security Updates End of Life
< 2.0 master
>= 2.0, < 3.0 develop
>= 3.0, < 3.5 V3/develop
>= 3.5 V3/develop

Reporting a Vulnerability

For reporting vulnerabilities within Red-DiscordBot we make use of GitHub's private vulnerability reporting feature (More information can be found here). This ensures that all maintainers and key members have access to the reported vulnerability.

Opening a Vulnerability Report

To open a vulnerability report please fill out this form

You will be asked to provide a summary, details and proof of concept for your vulnerability report. We ask that you fill out this form to the best of your ability, with as many details as possible. Furthermore, you'll be asked to provide affected products and severity. These fields are optional and will be filled appropriately by the maintainers if not provided.

Timeline

We will try to answer your report within 7 days. If you haven't received an answer by then, we suggest you reach out to us privately. This can best be done via our Discord server, and contacting a member who has the Staff role.

There aren’t any published security advisories