Skip to content

Security: Mini-Sylar/shopify-app-vue-template

SECURITY.md

Security Policy

Supported versions

New features

New features will only be added to the main branch and will not be made available in point releases.

Bug fixes

Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from.

Security issues

Only the latest release series will receive patches and new versions in case of a security issue.

Severe security issues

For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team.

Unsupported Release Series

When a release series is no longer supported, it's your own responsibility to deal with bugs and security issues. If you are not comfortable maintaining your own versions, you should upgrade to a supported version.

Reporting a bug

Open an issue on the GitHub repository.

Disclosure Policy

We look forward to working with all security researchers and strive to be respectful, always assume the best and treat others as peers. We expect the same in return from all participants. To achieve this, our team strives to:

  • Reply to all reports within one business day and triage within two business days (if applicable)
  • Be as transparent as possible, answering all inquires about our report decisions and adding hackers to duplicate HackerOne reports
  • Award bounties within a week of resolution (excluding extenuating circumstances)
  • Only close reports as N/A when the issue reported is included in Known Issues, Ineligible Vulnerabilities Types or lacks evidence of a vulnerability

Receiving Security Updates

To receive all general updates to vulnerabilities, please subscribe to shopify's hackerone Hacktivity

There aren’t any published security advisories