Skip to content

Security: ls1intum/Ares

SECURITY.md

Ares Security Policy

Supported Versions

Currently, the only supported Ares version is whatever the current one is (as shown in the README). See the Wiki for the changes and how to adjust your tests to them.

Reporting a Vulnerability

If the security problem relates to a bug that is associated with unexpected behavior or inconvenience or something non-critical is broken, simply report it as a bug and use the bug report template for that.

If what you discovered could be used maliciously or is in another way an actual security vulnerability, please do not make the issue public, but follow these steps:

  • similar to a bug report, collect information how it can be reproduced
  • state the system and the versions that are used, especially your Ares-Version.
  • provide additional information and context, if possible
  • write that in an email to [email protected] (if you wish to use PGP, the fingerprint for the email address is 80703280C4ACE4256AABFF825E2C13E54FFC3F2A)

You should get a reply from me in the next 1-2 days. I will create a Security Advisory draft that will be published when the vulnerability is resolved. Should that take over a week, I will you inform you upfront if possible and report the progress after the week and how it is going.

Even better: Name your GitHub-Account in the email so I can add you to the discussion of the Security Advisory draft!

Learn more about advisories related to ls1intum/Ares in the GitHub Advisory Database