Skip to content

Security: WorldHealthOrganization/godata

SECURITY.md

Security Policy

Supported Versions

The following versions of Go.Data are currently being supported with security updates.

Version Supported Released
47.0 22 June 2023
46.0 04 May 2023
45.0 23 February 2023
44.0 21 September 2022

Reporting a Vulnerability

If you find a vulnerability or a security issue, please contact godata@who.int. In the email, please include the following information:

  • Your name and affiliation (we will only use this information to follow up on the issue in case we need more details)
  • A description of the technical details of the vulnerabilities or security issues
  • An example of how the issue manifests
  • An explanation of who can exploit the vulnerability and what they gain by doing so (an attack scenario)
  • Whether the vulnerability is public or known to third parties

The maintainers will endeavour to keep the reporter updated on progress being made toward a fix. Disclosures could include:

  • Confirming the issue and determining its severity
  • Implementations that use Go.Data and require mitigation before publication of the issue will be notified
  • Preparation (but not publication) of the details of the problem
  • Vulnerability fix and identified workarounds
  • Security advisory published for all fixed vulnerabilities

There aren’t any published security advisories