Skip to content

Latest commit

 

History

History
36 lines (24 loc) · 1.94 KB

SECURITY.md

File metadata and controls

36 lines (24 loc) · 1.94 KB

Security Policy

Supported Versions

We provide security updates and fixes actively for the latest major version of the project. Previous major versions are supported until 1 year after the release of the next major version.

Version Supported
2.3.x
2.2.x
2.1.x
< 2.0

Reporting a Vulnerability

We take security very seriously. If you have found any issues that might have security implications, please send a report to our dedicated email at jpcadena@espol.edu.ec instead of posting a public issue on GitHub.

When reporting, please include as much information as possible to help us understand the scope and severity of the issue. This may include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impacts of the vulnerability
  • Suggestions for mitigating the vulnerability, if any

Please avoid including sensitive information in the initial report. We will provide a secure, encrypted channel for further communication after the initial report.

What to expect

After you have reported a vulnerability:

  1. Acknowledgement: We will acknowledge your email within 3 business days.
  2. Verification & Analysis: Our security team will work to verify the vulnerability and determine its potential impacts.
  3. Response & Mitigation: We will aim to provide a first response, including our plans for mitigating the vulnerability, within 10 business days.
  4. Communication: If the vulnerability is confirmed, we will release a security advisory on our GitHub repository and might also communicate it via other channels.

We appreciate your effort in improving the security of our project and will acknowledge your contribution when we disclose the issue, unless you prefer to remain anonymous.