Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 6eac140, commit a4b3157
Showing 1 changed file with 53 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# Security Policy | ||
|
||
## Reporting Security Issues | ||
|
||
At Astral.js, we take security vulnerabilities and concerns seriously. We appreciate your efforts to responsibly disclose any potential vulnerabilities you discover to us. | ||
|
||
To report a security issue, please email us at [rabisnaqvi@gmail.com](mailto:rabisnaqvi@gmail.com). We will work with you to investigate and address the issue promptly. | ||
|
||
We kindly request that you refrain from publicly disclosing vulnerabilities until we have had the opportunity to review and address them. | ||
|
||
## Supported Versions | ||
|
||
The following table lists the versions of Astral.js that are currently supported with security updates. If your version is not listed, it means it has reached end-of-life and no longer receives security patches. | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
| 1.x.x | :white_check_mark: | | ||
| 0.x.x | :x: | | ||
|
||
We encourage you to upgrade to a supported version if you are using an older, unsupported release. | ||
|
||
## Security Best Practices | ||
|
||
To ensure the security of your applications using Astral.js, we recommend following these best practices: | ||
|
||
- **Keep your dependencies up to date:** Regularly update Astral.js to the latest version as it may include security patches and bug fixes. | ||
- **Implement input validation and sanitization:** Validate and sanitize all user input to prevent security vulnerabilities such as XSS (Cross-Site Scripting) and SQL injection attacks. | ||
- **Use secure communication channels:** When transmitting sensitive data, make sure to use secure communication channels such as HTTPS to protect against eavesdropping and data tampering. | ||
- **Follow secure coding practices:** Adhere to secure coding practices, such as proper data encryption, secure session management, and user authentication and authorization. | ||
- **Stay informed about security updates:** Subscribe to Astral.js's release notifications and security advisories to stay informed about the latest security updates and vulnerabilities. | ||
|
||
## Vulnerability Disclosure Process | ||
|
||
When a security vulnerability is reported to us, we follow a structured process to ensure timely handling and resolution: | ||
|
||
1. **Report submission:** Report the vulnerability to us via email at [rabisnaqvi@gmail.com](mailto:rabisnaqvi@gmail.com). | ||
2. **Acknowledgment:** We will acknowledge your report within 8 business days and provide you with details of our internal review process. | ||
3. **Investigation and verification:** Our security team will investigate and verify the reported vulnerability. | ||
4. **Resolution and patching:** Once verified, we will develop a fix for the vulnerability and release a patch. | ||
5. **Public disclosure:** We will work with you to determine an appropriate timeline for public disclosure after the vulnerability has been resolved. | ||
|
||
We greatly appreciate your assistance in disclosing any security vulnerabilities responsibly and cooperating with us throughout the resolution process. | ||
|
||
## Bug Bounty Program | ||
|
||
At this time, we do not offer a bug bounty program. However, we genuinely appreciate and recognize the efforts of security researchers in responsibly disclosing vulnerabilities to us. | ||
|
||
## Contact | ||
|
||
If you have any further questions or need to contact us regarding security-related matters, please email us at [rabisnaqvi@gmail.com](mailto:rabisnaqvi@gmail.com). | ||
|
||
Thank you for helping us keep Astral.js secure! | ||
|
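Review bot: The only reporting channel this policy offers is a personal Gmail address, repeated under "Reporting Security Issues", in step 1 of "Vulnerability Disclosure Process" and under "Contact", with no encrypted or access-controlled alternative for sending vulnerability details. Consider enabling GitHub's private vulnerability reporting for the repository, or publishing a PGP key next to the address, and stating the contact once with the other sections pointing to it. The process list also commits to a time frame only for acknowledgment (8 business days); steps 3 to 5 give no target for verification, patching or disclosure, so a reporter cannot tell when follow-up or public disclosure becomes reasonable. The reporting section would also benefit from a short list of what a report should include (affected version, reproduction steps, impact), since "Supported Versions" already distinguishes 1.x.x from 0.x.x. Step 3 refers to "Our security team" while every contact is a single individual mailbox; align the wording with who actually receives reports.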