github.com/telepresenceio/telepresence/v2@v2.20.0-pro.6.0.20240517030216-236ea954e789/SECURITY.md (about) 1 # Security Policy 2 3 ## Supported Versions 4 5 Security updates will be provided for the latest 2.x release. 6 7 8 ### How do we handle vulnerabilities 9 10 #### User reports 11 12 If you discover any security vulnerabilities, please follow these guidelines: 13 14 - Email your findings to [secalert@datawire.io](secalert@datawire.io). 15 - Provide sufficient details, including steps to reproduce the vulnerability. 16 - Do not publicly disclose the issue until we have had a chance to address it. 17 18 #### Dependabot 19 20 We run dependabot against our repo. We also have it create PRs with the updates. 21 22 One of the maintainers responsibilities is to review these PRs, make any necessary updates, 23 and merge them in so that they go out in our next set of releases. 24 25 #### Keeping Go updated 26 27 We're set up to receive embargoed security announcements for Golang. When it happens, 28 we create a new security incident, evaluate if we're impacted, and release a hotfix as soon as possible. 29