Skip to content

Security: Strappazzon/.github

Security

SECURITY.md

Security Policy

🛡️ Found a security issue? Read on.

Reporting a Vulnerability

If you discover a vulnerability, please:

  • E-mail your findings to a AT strappazzon DOT xyz
  • Do not take advantage of the vulnerability or problem you have discovered
  • Do not reveal the problem to others until it has been resolved
  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Complex vulnerabilities may require further explanation!

When reporting an issue, where possible, please provide the requested information listed below (as much as you can provide):

  • The project and commit version the issue was identified at
  • Full path(s) of source file(s) related to the manifestation of the issue
  • A proof of concept or exploit code (if possible)
  • Steps to reproduce
  • Impact of the issue, including how an attacker might exploit the issue
  • Your recommended remediation(s), if any

For sensitive email communications, please use this PGP key.

Policy

When a reported security vulnerability is verified:

  • We will patch the current release branch
  • We will give your name as the discoverer of the problem (unless you desire otherwise)
  • After patching the release branches, we will immediately issue a new security fix release

This policy is adapted from:

There aren’t any published security advisories