This document outlines security procedures and general policies for the Furnel project.
The author of Furnel takes all security issues seriously. Thank you for improving the security of Furnel! 🙌🎉 I appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
I will acknowledge your email within 48 hours, and will send a more detailed response within the next 48 hours indicating the following steps in handling your report. After the initial reply to your report, I will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Report security bugs in third-party modules directly to the person or team maintaining the module in question.
When I receive a security bug report, these are the steps I will take:
- Confirm the problem and determine the affected versions.
- Audit code to find any potential similar problems.
- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
- Determine root cause and document lessons learned.
If you have suggestions on how this process could be improved, please submit a pull request.