github.com/timandy/routine@v1.1.4-0.20240507073150-e4a3e1fe2ba5/SECURITY.md (about)

     1  # Security Policy
     2  
     3  ## Supported Versions
     4  
     5  At the moment, only the latest commit on the `main` branch will be supported for security vulnerabilities.
     6  
     7  | **Branch** | **Supported** |
     8  |:----------:|:-------------:|
     9  |   `main`   |       ✅       |
    10  
    11  ## Reporting a Vulnerability
    12  
    13  **Please do not report security vulnerabilities through public GitHub issues.**
    14  
    15  If you found a security vulnerability in the current repository, please send a mail to [Tim Andy](mailto:xuchonglei@126.com).
    16  You should get a reply within *72 hours* that we have received your report and a tentative [CVSS](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator) score.
    17  We will do a preliminary analysis to confirm that the vulnerability is a plausible claim and decline the report otherwise.
    18  
    19  If possible, please include:
    20  
    21  1. reproducible steps on how to trigger the vulnerability.
    22  2. a description on why you are convinced that it exists.
    23  3. any information you may have on active exploitation of the vulnerability.