Skip to content

Security: openimsdk/community

Security

SECURITY.md

Security Policy

Supported Versions

In the OpenIM community, we are committed to maintaining the security of our software. The table below provides details on the versions that are currently supported with security updates.

Version Supported
3.0.x
2.0.x - 3.0.0 ✔️ (Effort will be made to address issues)
< 2.0

Reporting a Vulnerability

The OpenIM community takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

How to Report a Security Vulnerability?

If you believe you have found a security vulnerability in any of the OpenIM projects, please report it to us by sending an email to security@openim.io.

To help us better understand the nature and scope of the possible issue, please include as much of the information below as possible:

  • A clear and concise description of the potential vulnerability.
  • Steps to reproduce or proof-of-concept (PoC) that demonstrates the potential vulnerability (if possible).
  • The affected version(s) of the project.
  • Any potential impacts of the vulnerability.

Please do not disclose the vulnerability publicly until we have had the opportunity to investigate and address the issue.

What to Expect After Reporting a Vulnerability?

  • Acknowledgment: We strive to acknowledge receipt of your vulnerability report as soon as possible, typically within 24 hours.
  • Communication: After the initial reply, we will keep you informed of the progress toward a fix and full announcement.
  • Disclosure: We aim to resolve all security issues in a timely manner, and we ask that you provide us a reasonable amount of time to resolve the issue before any public disclosure is made. Once the issue is resolved, we support the public disclosure of security issues.
  • Recognition: We believe in recognizing the work of security researchers. If you would like, we will include your name as the reporter of the issue in any public disclosure of the vulnerability.

We thank you for your support and efforts in keeping our community safe.

There aren’t any published security advisories