github.com/boomhut/fiber/v2@v2.0.0-20230603160335-b65c856e57d3/.github/SECURITY.md

github.com/boomhut/fiber/v2@v2.0.0-20230603160335-b65c856e57d3/.github/SECURITY.md (about)

     1  # Security Policy
     2  
     3  1. [Supported Versions](#versions)
     4  2. [Reporting security problems to Fiber](#reporting)
     5  3. [Security Point of Contact](#contact)
     6  4. [Incident Response Process](#process)
     7  
     8  <a name="versions"></a>
     9  ## Supported Versions
    10  
    11  The table below shows the supported versions for Fiber which include security updates.
    12  
    13  | Version   | Supported          |
    14  | --------- | ------------------ |
    15  | >= 1.12.6 | :white_check_mark: |
    16  | < 1.12.6  | :x:                |
    17  
    18  <a name="reporting"></a>
    19  ## Reporting security problems to Fiber
    20  
    21  **DO NOT CREATE AN ISSUE** to report a security problem. Instead, please
    22  send us an e-mail at `team@gofiber.io` or join our discord server via
    23  [this invite link](https://gofiber.io/discord) and send a private message
    24  to Fenny or any of the maintainers.
    25  
    26  <a name="contact"></a>
    27  ## Security Point of Contact
    28  
    29  The security point of contact is [Fenny](https://github.com/Fenny). Fenny responds
    30  to security incident reports as fast as possible, within one business day at the
    31  latest.
    32  
    33  In case Fenny does not respond within a reasonable time, the secondary point
    34  of contact are any of the [@maintainers](https://github.com/orgs/gofiber/teams/maintainers).
    35  The maintainers are the only other persons with administrative access to Fiber's source code.
    36  
    37  <a name="process"></a>
    38  ## Incident Response Process
    39  
    40  In case an incident is discovered or reported, we will follow the following
    41  process to contain, respond and remediate:
    42  
    43  ### 1. Containment
    44  
    45  The first step is to find out the root cause, nature and scope of the incident.
    46  
    47  - Is still ongoing? If yes, first priority is to stop it.
    48  - Is the incident outside of our influence? If yes, first priority is to contain it.
    49  - Find out knows about the incident and who is affected.
    50  - Find out what data was potentially exposed.
    51  
    52  ### 2. Response
    53  
    54  After the initial assessment and containment to our best abilities, we will
    55  document all actions taken in a response plan.
    56  
    57  We will create a comment in the official `#announcements` channel to inform users about
    58  the incident and what actions we took to contain it.
    59  
    60  ### 3. Remediation
    61  
    62  Once the incident is confirmed to be resolved, we will summarize the lessons
    63  learned from the incident and create a list of actions we will take to prevent
    64  it from happening again.
    65  
    66  ### Secure accounts with access
    67  
    68  The [Fiber Organization](https://github.com/gofiber) requires 2FA authorization
    69  for all of it's members.
    70  
    71  ### Critical Updates And Security Notices
    72  
    73  We learn about critical software updates and security threats from these sources
    74  
    75  1. GitHub Security Alerts
    76  2. GitHub: https://status.github.com/ & [@githubstatus](https://twitter.com/githubstatus)