Security Reporting Potential Security Issues 1
If you come across any vulnerability or bug in this project, please report it to us at support@nops.io and not via GitHub issue.
We will make sure that our security team work with you to verify the vulnerability, build a patch, validate the fix, and finally issue a public report.
When reporting issues, please provide the following information:
-
Description of affected components with the detail to reproduce the issue
-
Summary of security vulnerability together with its impact
We request that you contact us via the email address mentioned above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this will help them protect the project's users, and will also give them a chance to upgrade and/or update the applications or any of its affected components.
If we verify a reported security vulnerability, our policy is to:
-
Patch the current release branch, as well as the immediate prior minor release branch.
-
Issuing new security fix releases for each patched release branch.
A security advisory will also be released on the project website detailing the vulnerability, as well as recommendations for end-users to protect themselves. All security advisories will be listed on the project wiki.