diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..4780f76371 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Supported Versions + +This is alpha software, do not run on a production system. Notably, we currently provide no migration path not even "dump state and restart" to move to future versions. + + +We will have a stable v0.x version before the final v1.0.0 version with the same API as the v1.0 version in order to run last testnets and manual testing on it. We have not yet committed to that version number. +Our v1.0.0 release plans were also delayed by upstream release cycles, and we have continued to refine APIs while we can. + +## Reporting a Vulnerability + +Please report any security issues via email to security@confio.gmbh. + +You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.