Skip to content

Latest commit

 

History

History
36 lines (21 loc) · 1.59 KB

SECURITY.md

File metadata and controls

36 lines (21 loc) · 1.59 KB

Security Policy

Supported Versions

Version Supported
Latest beta or release candidate
v0.9.x
v0.8.x
< v0.9

Reporting a Vulnerability

If you discover a security issue in this project, please DO NOT open an issue or publicly disclose the vulnerability.

There are two ways to privately report a security issue:

Your report will be acknowledged within 24 hours, and you’ll receive a more detailed response to your report within 48 hours indicating the next steps in handling your report.

Disclosure Policy

In the event that we learn of a critical security vulnerability, we reserve the right to silently fix it without immediately disclosing the existence of the vulnerability.

In such a scenario, we will:

  1. Silently fix the vulnerability in a new release.

  2. Notify all users of the affected versions that they should upgrade to the new release.

  3. After a reasonable period of time, we will publicly disclose the vulnerability, along with credit to the reporter (with their permission).

This policy is based on the Geth team's silent patch policy.