mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-03-19 21:15:59 +00:00
* Add security policy
* Update SECURITY.md for vulnerability reporting clarity

Clarified instructions for reporting vulnerabilities and updated language regarding security fixes.

---------

Co-authored-by: Sean Whalen <44679+seanthegeek@users.noreply.github.com>
920 B
Security Policy
Reporting a vulnerability
Please do not open a public GitHub issue for an undisclosed security vulnerability. Use GitHub private vulnerability reporting in the Security tab of this project instead.
When reporting a vulnerability, include:
- the affected parsedmarc version or commit
- the component or integration involved
- clear reproduction details if available
- potential impact
- any suggested mitigation or workaround
Supported versions
Security fixes will be applied to the latest released version and the current master branch.
Older versions will not receive backported fixes.
Disclosure process
After a report is received, maintainers can validate the issue, assess impact, and coordinate a fix before public disclosure.
Please avoid publishing proof-of-concept details until maintainers have had a reasonable opportunity to investigate and release a fix or mitigation.