Merge pull request #5 from Plaenkler/add-security-policy
[ADD] SECURITY.md
Showing 1 changed file with 45 additions and 0 deletions.
@@ -0,0 +1,45 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
Only the latest version is supported. Explanatory diagram: | ||
|
||
| Version | Supported | | ||
| ------------ | ------------------ | | ||
| 1.0.0 | :white_check_mark: | | ||
| Older | :x: | | ||
|
||
## Reporting a Vulnerability | ||
|
||
To report a vulnerability, please follow these steps: | ||
|
||
1. **Email**: Send an email to [[email protected]](mailto:[email protected]) with all the details regarding the vulnerability. | ||
2. **Subject**: Use "[Booklooker Vulnerability Report]" as the subject line to help me prioritize and identify your report. | ||
3. **Vulnerability Details**: Please provide a clear and detailed description of the vulnerability, along with the potential impact it may have. | ||
4. **Reproducibility**: If possible, include step-by-step instructions to reproduce the vulnerability. | ||
5. **Versions Affected**: Specify which versions of the project are affected by the vulnerability. | ||
6. **Your Contact**: Include your name, email address, and any other contact information you wish to share. | ||
|
||
## Response and Resolution | ||
|
||
Once I receive the vulnerability report, I will acknowledge its receipt within 72 hours. I will conduct an initial review to validate the vulnerability and determine its severity. | ||
|
||
If the vulnerability is accepted: | ||
|
||
- **Fixing Process**: I will prioritize developing a patch for the vulnerability. | ||
- **Release Timeline**: The patch will be included in the next available release within a reasonable timeframe. Please note that the release cycle might vary, but I will prioritize security fixes. | ||
- **Credit**: If you desire, I will acknowledge your contribution and give you credit for responsibly reporting the vulnerability. | ||
|
||
If the vulnerability is declined: | ||
|
||
- **Reasoning**: I will provide a reason for the rejection and explain why the reported issue does not qualify as a security vulnerability. | ||
|
||
## Security Updates | ||
|
||
To ensure the security of Booklooker, it is crucial that all users update to the latest supported version promptly. Users of older versions that are no longer supported are strongly recommended to upgrade to a supported version to stay protected against potential security threats. | ||
|
||
Thank you for helping me make Booklooker more secure. Your cooperation and responsible disclosure are essential to maintaining the integrity and trustworthiness of this project. | ||
|
||
Please note that this security policy is subject to change over time, so it is advisable to check this document periodically for any updates. | ||
|
||
Last Updated: August 14, 2023. |
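Review bot: the "Supported Versions" table in this hunk hard-codes `1.0.0` as the supported release while the sentence above it says "Only the latest version is supported", so the table will contradict the policy as soon as a new version ships; consider a single row such as `| Latest release | :white_check_mark: |` (or a link to the repository's releases page) so the file stays correct without manual edits, and replace "Explanatory diagram:" with "Summary:" since what follows is a table, not a diagram. The same drift applies to the manually maintained "Last Updated" line at the end of the file; either drop it or tie it to the commit history. In the "Reporting a Vulnerability" section, the only channel offered is plain email, so reporters have no way to send details confidentially; documenting a PGP key for that address or enabling the repository's private vulnerability reporting would close that gap.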