# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 2.9.x   | :white_check_mark: |
| < 2.9   | :x:                |

## Reporting a Vulnerability

We take all security bugs in `diff2html` seriously.
Thank you for helping improve the security of `diff2html`.
We appreciate your efforts and responsible disclosure and
will make every effort to acknowledge your contributions.

Report security bugs by emailing the lead maintainer at `rtfrodrigo [at] gmail [dot] com`.

The lead maintainer will acknowledge your email within 48 hours, and will send a
more detailed response within 48 hours indicating the next steps in handling
your report. After the initial reply to your report, the security team will
endeavor to keep you informed of the progress towards a fix and full
announcement, and may ask for additional information or guidance.

Report security bugs in third-party modules to the person or team maintaining
the module.

## Disclosure Policy

When the security team receives a security bug report, they will assign it to a
primary handler. This person will coordinate the fix and release process,
involving the following steps:

* Confirm the problem and determine the affected versions.
* Audit code to find any potential similar problems.
* Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible.

## Comments on this Policy

If you have suggestions on how this process could be improved, please submit a
pull request.