github.com/icyphox/x@v0.0.355-0.20220311094250-029bd783e8b8/SECURITY.md

github.com/icyphox/x@v0.0.355-0.20220311094250-029bd783e8b8/SECURITY.md (about)

     1  <!--
     2  
     3  Thank you for contributing changes to this document! Because we use a central repository
     4  to synchronize this file across all our repositories, make sure to make your edits
     5  in the correct file, which you can find here:
     6  
     7  https://github.com/ory/meta/blob/master/templates/repository/SECURITY.md
     8  
     9  -->
    10  
    11  <!-- START doctoc generated TOC please keep comment here to allow auto update -->
    12  <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
    13  
    14  - [Security Policy](#security-policy)
    15    - [Supported Versions](#supported-versions)
    16    - [Reporting a Vulnerability](#reporting-a-vulnerability)
    17  
    18  <!-- END doctoc generated TOC please keep comment here to allow auto update -->
    19  
    20  # Security Policy
    21  
    22  ## Supported Versions
    23  
    24  We release patches for security vulnerabilities. Which versions are eligible
    25  receiving such patches depend on the CVSS v3.0 Rating:
    26  
    27  | CVSS v3.0 | Supported Versions                        |
    28  | --------- | ----------------------------------------- |
    29  | 9.0-10.0  | Releases within the previous three months |
    30  | 4.0-8.9   | Most recent release                       |
    31  
    32  ## Reporting a Vulnerability
    33  
    34  Please report (suspected) security vulnerabilities to
    35  **[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from
    36  us within 48 hours. If the issue is confirmed, we will release a patch as soon
    37  as possible depending on complexity but historically within a few days.