- You think you discovered a potential security vulnerability.
- You are unsure how a vulnerability affects this application.
- You think you discovered a vulnerability in another project that this application depends on. For projects with their own vulnerability reporting and disclosure process, please report it directly there.
- You need help tuning application components for security
- You need help applying security-related updates.
- Your issue is not security-related.
- Email devops+security@doodle.com
- Emails should contain:
- description of the problem
- precise and detailed steps (include screenshots) that created the problem
- the affected version(s)
- any possible mitigations, if known
- Emails should contain:
- You may be contacted by a project maintainer to further discuss the reported item. Please bear with us as we seek to understand the breadth and scope of the reported problem, recreate it, and confirm if there is a vulnerability present.
Versions follow Semantic Versioning terminology and are expressed as x.y.z:
- where x is the major version
- y is the minor version
- and z is the patch version
Security fixes, may be backported to the three most recent minor releases, depending on severity and feasibility. Patch releases are cut from those branches periodically, plus additional urgent releases, when required.