Skip to content
Browse files

Add security note to repository

In order to simplify the communication with security researcher and
allow reporting of issues, this document should provide a rough idea

1. What versions are supported
2. Who to contact
3. How to send findings properly secured
4. What to expect from an approved security issue
5. What if it's not considered a security issue

Signed-off-by: Sheogorath <>
  • Loading branch information...
SISheogorath committed Sep 10, 2019
1 parent c6e4f37 commit 42d42d5b6f8f0516f5cfa496f0d0e9778ab8633e
Showing with 32 additions and 0 deletions.
  1. +32 −0
@@ -0,0 +1,32 @@
# Security Policy

## Supported Versions

Only the latest release of CodiMD is supported. We don't have the
ressources to maintain multiple versions.

## Reporting a Vulnerability

If you find a vulnerability for [this repository](, please report it to

Please report your findings OpenPGP encrypted. If you are not aware of
how to use OpenPGP, please refer to [@SISheogorath's OpenPGP page](,
which will take care of the encryption for you.

We'll get back to you as soon as possible. You can expect an answer within
3 days, in rare cases within a month. If you don't get a reply within a month,
please reach out for other contact addresses in the [community chat](

When your findings are accepted as a security issue, we'll work an a fix or
at least a workaround for the next release. With the release that contained
the fix, we want to encurage you to publish your findings as you like.

We'll also credit you in the release notes.

When your findings are not accepted as a security issue, feel free to write
a fix yourself and contribute it to CodiMD, as well as publish them as you
like and allow people to make in informed decision about using CodiMD.

If you have any further questions, feel free to reach out to the
[community chat]( or the mentioned contacts above.

0 comments on commit 42d42d5

Please sign in to comment.
You can’t perform that action at this time.