From d8685d9b2c97c394d7eafe83e471c7d06dc18e8a Mon Sep 17 00:00:00 2001 From: Kushal Das Date: Mon, 7 Oct 2024 09:25:47 +0530 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..830890572 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,28 @@ +# Security Policy + +## Supported Versions + +This section outlines the versions of the project currently receiving security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +If you discover a potential security vulnerability, please report it to us promptly. Here’s how you can do so: + +1. **Submit a Report:** Send an email to daskushal980@gmail.com with a detailed description of the vulnerability, including any relevant steps to reproduce the issue. Please include your contact information so we can follow up if needed. + +2. **Response Time:** We aim to acknowledge all reports within **48 hours**. Our team will review the details you provide and assess the severity of the vulnerability. + +3. **Updates:** Once a vulnerability is accepted for investigation, we will provide updates on our progress every **7 days**. If a vulnerability is declined, we will inform you of the reasons for our decision. + +4. **Resolution Process:** If your reported vulnerability is accepted, we will work to address it as quickly as possible. Once a fix is implemented, we will communicate with you before any public disclosure to ensure you are informed. + +5. **Responsible Disclosure:** We appreciate your cooperation in following responsible disclosure practices. Please do not disclose the vulnerability publicly until we have released a fix and communicated it to you. + +Thank you for helping us keep our project secure!
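Review bot: In the Supported Versions table, the rows `| 5.0.x | :x: |` and `| 4.0.x | :white_check_mark: |` mark an older line as supported while a newer one is not, and the sentence above the table ("This section outlines the versions...") describes the section instead of stating policy. This reads like placeholder content, so please replace it with the project's actual release lines before merging. In step 1 of Reporting a Vulnerability, the only intake channel is a single personal mailbox, while steps 2 and 3 commit "our team" to a 48-hour acknowledgement and 7-day updates. A project-controlled alias or a private reporting channel that more than one maintainer can read would let those commitments hold when one person is unavailable, and since reports will carry reproduction steps, the file should say whether an encrypted option exists. Step 5 asks reporters to withhold disclosure until a fix is released but sets no upper bound; consider stating a target fix window or an agreed disclosure date so the embargo is not open-ended.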