Create SECURITY.md for security policy and vulnerability reporting #2130
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # Security Policy | ||
|
|
||
| ## Supported Versions | ||
|
|
||
| Use this section to tell people about which versions of your project are | ||
| currently being supported with security updates. | ||
|
|
||
| | Version | Supported | | ||
| | ------- | ------------------ | | ||
| | 5.1.x | :white_check_mark: | | ||
| | 5.0.x | :x: | | ||
| | 4.0.x | :white_check_mark: | | ||
| | < 4.0 | :x: | | ||
|
Comment on lines
+8
to
+13
Contributor
There was a problem hiding this comment.
The project's current version is |
||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| Use this section to tell people how to report a vulnerability. | ||
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or | ||
| declined, etc. | ||
|
Comment on lines
+15
to
+21
Contributor
There was a problem hiding this comment.
The entire "Reporting a Vulnerability" section is unmodified from the GitHub template ("Use this section to tell people how to report a vulnerability…"). There is no email address, GitHub Security Advisories link, expected response time, or disclosure process. Anyone discovering a vulnerability would have nowhere to report it, defeating the purpose of the file. |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lines 5–6 ("Use this section to tell people about which versions…") are GitHub template instructions intended to be replaced by the author, not published verbatim.