Use this section to tell people about which versions of your project are currently being supported with security updates.
Version | Supported |
---|---|
declined, etc.
If you have identified a security vulnerability in system or product please email [email protected]
with your findings. We strongly recommend using our PGP key
to prevent this information from falling into the wrong hands.
Upon receipt of a security report the following steps will be taken:
- Acknowledge your report within 48 hours, and provide a further more detailed update within 48 hours.
- Confirm the problem and determine the affected versions
- Keep you informed of the progress towards resolving the problem and notify you when the vulnerability has been fixed.
- Audit code to find any potential similar problems.
- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
- Handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
Whilst the issue is under investigation
- Do provide as much information as possible.
- Do not exploit of the vulnerability or problem you have discovered.
- Do not reveal the problem to others until it has been resolved.