Thanks for helping make {PROJECT|HACKATHON} safe for everyone.
{PROJECT|HACKATHON} takes the security of our software seriously, including all of the open source code repositories managed through this GitHub organization.
If you think you've found a security issue, please DO NOT report, discuss, or describe it on {Discord|Slack} or GitHub.
All security-related issues, concerns, and problems must be reported via email to: {security@email.nominatedperson}.
Please include everything necessary to reproduce the problem when sending over information, including an example repository on GitHub. Please don't add explicit details about the security issue you are reporting in any of the repository's contents.
This is detrimental to the safety of all {PROJECT|HACKATHON} users. No exceptions.
{PROJECT|HACKATHON} Security Team members must share information only within the {PROJECT|HACKATHON} teams on a need-to-know basis to fix the related issue in {PROJECT|HACKATHON}. The information members and others receive through participation in this group must not be made public, shared, or even hinted at, except with prior explicit approval (which shall be handled on a case-by-case basis). This holds true until the agreed-upon public disclosure date/time is reached.
As a clarifying example, this policy forbids {PROJECT|HACKATHON} members from sharing list information with their employers unless prior arrangements have been made directly with an employer.
In the unfortunate event that you share the information beyond what is allowed by this policy, you must urgently inform the {PROJECT|HACKATHON} Team of exactly what information leaked and to whom, as well as the steps that will be taken to prevent future leaks.
Repeated offenses may lead to removal from the {PROJECT|HACKATHON} team.
Use this section to tell people about which versions of your project are currently being supported with security updates.
Version | Supported |
---|---|
5.1.x | ✅ |
5.0.x | ❌ |
4.0.x | ✅ |
< 4.0 | ❌ |
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.