mirror of
https://github.com/hydralauncher/hydra.git
synced 2024-11-13 14:09:24 +00:00
69 lines
2.2 KiB
Markdown
69 lines
2.2 KiB
Markdown
# Security Policy
|
|
|
|
## Purpose of the Policy
|
|
|
|
The purpose of this Security Policy is to ensure the security of our project and maintain the trust of the community.
|
|
|
|
## Who is Affected by the Policy
|
|
|
|
This policy applies to all members of our project community, including developers, testers, repository administrators, and users.
|
|
|
|
## Supported Versions
|
|
|
|
Use this section to tell people about which versions of your project are
|
|
currently being supported with security updates.
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 2.0.x | :white_check_mark: |
|
|
| < 1.2.0 | :x: |
|
|
|
|
## Development Recommendations
|
|
|
|
### Best Practices
|
|
|
|
- Follow secure coding principles.
|
|
- Use well-established libraries and frameworks.
|
|
- Regularly update dependencies.
|
|
- Conduct thorough testing, including security-related tests.
|
|
|
|
### Unrecommended Practices
|
|
|
|
- Do not use known vulnerabilities that have not been patched.
|
|
- Do not publish sensitive information such as API keys or passwords.
|
|
- Do not vote for changes that degrade the security of the project.
|
|
|
|
### User-Generated Content
|
|
|
|
- Ensure that user-generated content does not contain hidden threats.
|
|
- Be cautious when handling user data.
|
|
|
|
### Community Interaction
|
|
|
|
- Treat each other with respect and politeness.
|
|
- Do not spread spam or spam bots.
|
|
- Follow community guidelines.
|
|
|
|
### Vulnerability Discovery and Reporting
|
|
|
|
- If you discover a vulnerability, report it as an issue on GitHub.
|
|
- Your report should contain detailed information about the vulnerability, including steps to resolve it.
|
|
|
|
### Reporting Method
|
|
|
|
To report a vulnerability, create a new issue on GitHub and use branch isolation to provide details about the vulnerability.
|
|
|
|
### Details to Provide
|
|
|
|
Please provide the following information about the vulnerability:
|
|
|
|
- Description of the vulnerability
|
|
- Steps to resolve the vulnerability
|
|
- Versions on which the vulnerability was found
|
|
- Code examples illustrating the vulnerability (if it is safe to do so)
|
|
|
|
### Expected Behavior
|
|
|
|
- If we accept the reported vulnerability, we will release a patch and update the security information on GitHub.
|
|
- If we reject the reported vulnerability, we will provide an explanation.
|