From f4d52a04aac0976bc848809da7e5548960a326e5 Mon Sep 17 00:00:00 2001 From: maslow Date: Thu, 16 Nov 2023 10:33:56 +0800 Subject: [PATCH] chore: create SECURITY.md --- SECURITY.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..f4ed7e03c7 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,44 @@ +# Security Policy + +## Supported Versions + +Which versions are currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 1.0.0-beta.13 | :white_check_mark: | +| 1.0.0-beta.12 | :white_check_mark: | +| 1.0.0-beta.11 | :white_check_mark: | +| < 1.0.0-beta.10 | :x: | + +## Security + +Laf takes the security of our software products and services seriously. + +If you believe you have found a security vulnerability in laf repository, please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them by sending email to [maslow@sealos.io](mailto:maslow@sealos.io). + +You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. + +Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + + * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) + * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. + +## Preferred Languages + +We prefer all communications to be in English or Chinese.
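Review bot: The Supported Versions table leaves 1.0.0-beta.10 unclassified. The rows mark beta.11 through beta.13 as supported and the last row covers only `< 1.0.0-beta.10`, so beta.10 itself is neither supported nor unsupported. If it is meant to be out of support, change the last row to `<= 1.0.0-beta.10` (or `< 1.0.0-beta.11`). The sentence above the table, "Which versions are currently being supported with security updates.", also reads as leftover template text and could be reworded as a statement. In the Reporting Security Issues section, the only channel is one personal mailbox with a promised response within 24 hours. A shared security alias would keep that promise from depending on one person, and the section gives reporters no way to send proof-of-concept code encrypted. The bug bounty sentence refers to a bounty award, but the file does not say where the program or its terms are described. A link or a short scope statement would avoid ambiguity.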