mirror of
https://github.com/hydralauncher/hydra.git
synced 2024-11-11 11:59:24 +00:00
2.2 KiB
2.2 KiB
Security Policy
Purpose of the Policy
The purpose of this Security Policy is to ensure the security of our project and maintain the trust of the community.
Who is Affected by the Policy
This policy applies to all members of our project community, including developers, testers, repository administrators, and users.
Supported Versions
Use this section to tell people about which versions of your project are currently being supported with security updates.
Version | Supported |
---|---|
2.0.x | ✅ |
< 1.2.0 | ❌ |
Development Recommendations
Best Practices
- Follow secure coding principles.
- Use well-established libraries and frameworks.
- Regularly update dependencies.
- Conduct thorough testing, including security-related tests.
Unrecommended Practices
- Do not use known vulnerabilities that have not been patched.
- Do not publish sensitive information such as API keys or passwords.
- Do not vote for changes that degrade the security of the project.
User-Generated Content
- Ensure that user-generated content does not contain hidden threats.
- Be cautious when handling user data.
Community Interaction
- Treat each other with respect and politeness.
- Do not spread spam or spam bots.
- Follow community guidelines.
Vulnerability Discovery and Reporting
- If you discover a vulnerability, report it as an issue on GitHub.
- Your report should contain detailed information about the vulnerability, including steps to resolve it.
Reporting Method
To report a vulnerability, create a new issue on GitHub and use branch isolation to provide details about the vulnerability.
Details to Provide
Please provide the following information about the vulnerability:
- Description of the vulnerability
- Steps to resolve the vulnerability
- Versions on which the vulnerability was found
- Code examples illustrating the vulnerability (if it is safe to do so)
Expected Behavior
- If we accept the reported vulnerability, we will release a patch and update the security information on GitHub.
- If we reject the reported vulnerability, we will provide an explanation.