The following table displays the versions of the FDAi project currently being supported with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
To report a security vulnerability within the FDAi project, follow these steps:
- Do not open a public issue on GitHub.
- Email security@FDAi.earth with the subject "FDAi Security Vulnerability".
- In the email, include a detailed description of the vulnerability, along with the affected component(s) and version(s) of the project.
- Optionally, provide a proof of concept, screenshots, or any other relevant information to help us understand and reproduce the issue.
The security team will acknowledge receipt of your vulnerability report within 48 hours and will provide an estimated timeline for addressing the issue. Once the vulnerability has been resolved, the security team will coordinate with you to disclose the issue publicly, if appropriate.
The team is committed to addressing security vulnerabilities in a timely manner. Once a vulnerability has been reported, the following process will be followed:
- The security team will evaluate the reported vulnerability and assign a severity level based on the potential impact.
- The security team will work on developing a fix for the vulnerability.
- The fix will undergo thorough testing and review to ensure its effectiveness and compatibility with the project.
- Once the fix is ready, the security team will release a new version of the FDAi project, incorporating the security update.
- Users will be notified of the new release and encouraged to update their installations as soon as possible.
Please note that this security policy is subject to change. It is recommended that users check this document regularly to stay informed about the latest security practices and procedures.