Skip to content

Security: timber/.github

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability within Timber or one of its other repositories, please submit your report via the link below. Please be mindful of the fact that the maintainers are working on Timber in their free time, so the initial response can take some time.

Disclosure Policy

Please do not discuss any vulnerabilities (even resolved ones) without express consent.

Submit your report

When you've found a security issue that abides by the rules and scope of this project, please submit the report to us via GitHub. In your report, make sure to include a detailed guide on how to reproduce the issue.

After your submission

We will make a best effort to meet the following response targets for security reports:

  • Time to first response (from report submit) - 5 business days
  • Time to triage (from report submit) - 10 business days
  • Time to fix (from triage) - 15 business days

There aren’t any published security advisories