diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..62722c1 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,29 @@ +### Security Policy + +#### Supported Versions + +This section outlines which versions of the Cloudflare UFW Updater script are currently supported with security updates. Please use the latest supported version to ensure optimal security and functionality. + +| Version | Supported | +| ------- | ------------------ | +| 1.0.0 | :white_check_mark: | + +#### Reporting a Vulnerability + +If you discover a vulnerability in the Cloudflare UFW Updater script, please help us improve the security of our project by reporting it responsibly. Here’s how you can report a vulnerability: + +- **Where to Report**: Send your vulnerability report via email to [thomasvincent@gmail.com](mailto:thomasvincent@gmail.com). Please do not report security vulnerabilities through public GitHub issues. + +- **What to Include**: Provide as much information as possible about the vulnerability, including: + - The version of the script affected. + - Any relevant details about the environment (OS version, UFW version). + - Steps to reproduce the vulnerability. + - Possible impacts (if known). + +- **Response Time**: Our team aims to acknowledge receipt of your vulnerability report within 48 hours. After the initial acknowledgment, we will strive to keep you informed of the progress toward a fix and full announcement, and we may ask for additional information or guidance. + +- **Disclosure Process**: Once the vulnerability has been evaluated and confirmed, we will schedule a fix to be included in the next patch release. We will publicly disclose the vulnerability details after the patch is available, consistent with best practices in responsible disclosure. + +- **Rewards and Acknowledgments**: While we currently do not offer a bounty for vulnerability reports, we publicly acknowledge contributors in our release announcements and project documentation who responsibly report security issues. + +This policy ensures that all security concerns are handled promptly and effectively, maintaining the highest level of security for users of the Cloudflare UFW Updater script.