From 510183e8821c2955c6ec2a331254fc652e125d30 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 11 Sep 2023 14:51:22 -0300 Subject: [PATCH 1/3] Create Security Policy --- SECURITY.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..db3af96 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +Security updates are applied only to the latest release. + +## Reporting a Vulnerability + +If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to evaluate and fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. + +Please disclose it at our [security advisory](https://github.com/sourcegraph/jsonrpc2/security/advisories/new). + +This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be handled and/or disclosed in a best effort base. From e4e2e6324cc227e225424248104c7a63da107647 Mon Sep 17 00:00:00 2001 From: Will Dollman Date: Mon, 25 Sep 2023 11:50:00 +0100 Subject: [PATCH 2/3] Update security policy to use email for reporting --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index db3af96..60be4f2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -8,6 +8,6 @@ Security updates are applied only to the latest release. If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to evaluate and fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. -Please disclose it at our [security advisory](https://github.com/sourcegraph/jsonrpc2/security/advisories/new). +Please disclose it privately via email to security@sourcegraph.com. We will work with you to understand and resolve the issue promptly. This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be handled and/or disclosed in a best effort base. From 943e53c8e9bdcbf503287c020a077fc38ccfde5e Mon Sep 17 00:00:00 2001 From: Will Dollman Date: Mon, 25 Sep 2023 11:53:41 +0100 Subject: [PATCH 3/3] Update SECURITY.md Co-authored-by: Vincent --- SECURITY.md | 1 - 1 file changed, 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 60be4f2..d889a1f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,4 +10,3 @@ If you have discovered a security vulnerability in this project, please report i Please disclose it privately via email to security@sourcegraph.com. We will work with you to understand and resolve the issue promptly. -This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be handled and/or disclosed in a best effort base.