mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-04 21:04:37 +08:00
Update security policy
This commit is contained in:
parent
436400dd22
commit
f1eaf4c2cc
12
.github/SECURITY.md
vendored
@ -4,14 +4,12 @@
|
||||
|
||||
Only the latest versions of Stack's server and client packages are supported. We do not provide security updates for older versions.
|
||||
|
||||
If you would like to get security consulting regarding older versions of on-prem or self-hosted deployments of Stack, please [contact us](mailto:team@stack-auth.com).
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Stack Auth practices [responsible disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure).
|
||||
Stack Auth practices [responsible disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure). This helps us protect our users, but requires your cooperation.
|
||||
|
||||
Please disclose security vulnerabilities responsibly by emailing us at responsible-disclosure@stack-auth.com. In this case:
|
||||
Please disclose security vulnerabilities responsibly by emailing us at security@stack-auth.com. In this case, we will get back to you within 96 hours, and aim to get a fix released as soon as possible. We will disclose the issue publicly after at most 90 days.
|
||||
|
||||
- We will get back to you within 96 hours.
|
||||
- We will aim to get a fix released within 30 days, and disclose the issue, crediting you.
|
||||
- If we are unable to fix the issue within 90 days, we will disclose the issue publicly.
|
||||
|
||||
Please do not create GitHub issues with security vulnerabilities; instead, email us directly at the address above.
|
||||
Hence, we ask you not to publicize issues until the 90 days deadline is over. Also, please do not create GitHub issues with security vulnerabilities; instead, email us directly at the address above.
|
||||
|
||||
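Review bot: The rewritten reporting paragraph ("we will get back to you within 96 hours, and aim to get a fix released as soon as possible") drops two commitments the removed bullets made to reporters: the 30-day fix target and crediting the reporter on disclosure. If credit is still offered, say so next to "We will disclose the issue publicly after at most 90 days", which no longer mentions it. In the final paragraph, "Hence" has no clear antecedent after the paragraph break, "the 90 days deadline" should read "the 90-day deadline", and the text should state when the 90 days start (at report or at acknowledgement). The leftover "In this case," no longer introduces a list and can be dropped. Since the contact address changes from responsible-disclosure@stack-auth.com to security@stack-auth.com, keep the old address forwarding, because earlier versions of this file published it.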