Skip to content

Security: typelevel/fabric

Security

SECURITY.md

Security Policy

Reporting a Security Issue

To report a security issue, please email security@typelevel.org with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. The Security Team will attempt to respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Procedure

  1. A GitHub Security Advisory will be created in the appropriate repository.
  2. A project member works privately with the reporter to resolve the vulnerability.
  3. The project creates a new release of the package the vulnerabilty affects to deliver its fix.
  4. The project publicly announces the vulnerability and describes how to apply the fix.

Scala Steward

We strongly recommend users of our libraries to use Scala Steward or something similar to automatically receive updates.

Typelevel Security Team

name email PGP public key
Ross A. Baker ross@rossabaker.com 0x975BE5BC29D92CA5
Arman Bilge arman@armanbilge.com 0xA335B107E9282548
Brian P. Holt bholt+typelevel-security@planetholt.com

There aren’t any published security advisories