mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-04-29 16:59:28 +00:00
* Add security policy

* Update SECURITY.md for vulnerability reporting clarity

Clarified instructions for reporting vulnerabilities and updated language regarding security fixes.

---------

Co-authored-by: Sean Whalen <44679+seanthegeek@users.noreply.github.com>
30 lines
920 B
Markdown
# Security Policy

## Reporting a vulnerability

Please do not open a public GitHub issue for an undisclosed security
vulnerability. Use GitHub private vulnerability reporting in the Security tab of this project instead.

When reporting a vulnerability, include:

- the affected parsedmarc version or commit
- the component or integration involved
- clear reproduction details if available
- potential impact
- any suggested mitigation or workaround

## Supported versions

Security fixes will be applied to the latest released version and
the current `master` branch.

Older versions will not receive backported fixes.

## Disclosure process

After a report is received, maintainers can validate the issue, assess impact,
and coordinate a fix before public disclosure.

Please avoid publishing proof-of-concept details until maintainers have had a
reasonable opportunity to investigate and release a fix or mitigation.