Merge pull request #176 from SISheogorath/docs/security

Add security note to repository
This commit is contained in:
Sheogorath 2019-09-12 21:35:19 +02:00 committed by GitHub
commit 10a6e7c816
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

32
SECURITY.md Normal file
View file

@ -0,0 +1,32 @@
# Security Policy
## Supported Versions
Only the latest release of CodiMD is supported. We don't have the
ressources to maintain multiple versions.
## Reporting a Vulnerability
If you find a vulnerability for [this repository](https://github.com/codimd/server), please report it to
[@SISheogorath](https://github.com/SISheogorath).
Please report your findings OpenPGP encrypted. If you are not aware of
how to use OpenPGP, please refer to [@SISheogorath's OpenPGP page](https://shivering-isles.com/pgpme),
which will take care of the encryption for you.
We'll get back to you as soon as possible. You can expect an answer within
3 days, in rare cases within a month. If you don't get a reply within a month,
please reach out for other contact addresses in the [community chat](https://riot.im/app/#/room/#codimd:matrix.org).
When your findings are accepted as a security issue, we'll work an a fix or
at least a workaround for the next release. With the release that contained
the fix, we want to encurage you to publish your findings as you like.
We'll also credit you in the release notes.
When your findings are not accepted as a security issue, feel free to write
a fix yourself and contribute it to CodiMD, as well as publish them as you
like and allow people to make in informed decision about using CodiMD.
If you have any further questions, feel free to reach out to the
[community chat](https://riot.im/app/#/room/#codimd:matrix.org) or the mentioned contacts above.