github.com/telepresenceio/telepresence/v2@v2.20.0-pro.6.0.20240517030216-236ea954e789/SECURITY.md (about)

# Security Policy

## Supported Versions

Security updates will be provided for the latest 2.x release.

### How do we handle vulnerabilities

#### User reports

If you discover any security vulnerabilities, please follow these guidelines:

- Email your findings to [secalert@datawire.io](mailto:secalert@datawire.io).
- Provide sufficient details, including steps to reproduce the vulnerability.
- Do not publicly disclose the issue until we have had a chance to address it.

#### Dependabot

We run Dependabot against our repo. We also have it create PRs with the updates.

One of the maintainers' responsibilities is to review these PRs, make any necessary updates,
and merge them in so that they go out in our next set of releases.

#### Keeping Go updated

We're set up to receive embargoed security announcements for Golang. When that happens,
we create a new security incident, evaluate if we're impacted, and release a hotfix as soon as possible.