-
-
Notifications
You must be signed in to change notification settings - Fork 90
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7c772b5
commit f21ef37
Showing
1 changed file
with
28 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
| 6.14.x | :white_check_mark: | | ||
| 7.x.x | :x: | | ||
| < 6.14.x| :x: | | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you find a security vulnerability in the download of the config, execution of the config, | ||
or something else, contact mastercoms through email directly: mastercoms@tuta.io. | ||
|
||
If you have a solution for the issue, attach it as a patch file to the email. | ||
|
||
You can expect a reply within 24 hours of your report with the next steps of action | ||
regarding the vulnerability. This may include a request to submit a pull request to | ||
resolve the vulnerability if applicable. | ||
|
||
You should not disclose the vulnerability publicly unless you have not received a response after 1 month. | ||
|
||
If the vulnerability is declined, you may post it publicly after 48 hours of its declination, unless the | ||
declination is retracted within that time period. | ||
|
||
On the vulnerability being fixed, you may also disclose the vulnerability publicly after 1 week of the | ||
fix being deployed. |