mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-06-15 20:25:16 +02:00
28 lines
1.2 KiB
Markdown
28 lines
1.2 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
The team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
|
|
|
|
To report a security issue, email [ccpprogrammers@gmail.com](mailto:ccpprogrammers@gmail.com) and include the word "SECURITY" in the subject line.
|
|
|
|
The team will send a response indicating the next steps in handling your report. After the initial reply to your report you will be kept informed of the progress towards a fix and full announcement.
|
|
|
|
Report security bugs in third-party modules to the person or team maintaining the module.
|
|
|
|
## Disclosure Policy
|
|
|
|
When the security team receives a security bug report, they will assign it to a
|
|
primary handler. This person will coordinate the fix and release process,
|
|
involving the following steps:
|
|
|
|
* Confirm the problem and determine the affected versions.
|
|
* Audit code to find any potential similar problems.
|
|
* Prepare fixes for all releases still under maintenance. These fixes will be
|
|
released as fast as possible to npm.
|
|
|
|
## Comments on this Policy
|
|
|
|
If you have suggestions on how this process could be improved please submit a
|
|
pull request.
|