From d6d1b83513fc5818fdb9b443d60315fb0c4e0f11 Mon Sep 17 00:00:00 2001 From: Jonas L Date: Sun, 26 Feb 2023 19:35:03 +0100 Subject: [PATCH] chore: add security policy (#2378) --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..e17a4d50c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Reporting a Vulnerability + +**Please do not use GitHub issues for security-sensitive communication.** + +The LibreTime maintainers ask that known and suspected vulnerabilities to be privately and responsibly disclosed by: + +- sending all the required detail to [security@libretime.org](security@libretime.org), +- or by filling a [security advisory on Github](https://github.com/libretime/libretime/security/advisories/new). + +A LibreTime maintainer will acknowledged the report within 3 working days. + +We aim to provide a security patch within 30 days, after this period the report will be disclosed to the public. The security patch will be distributed for the [maintained versions of LibreTime](https://libretime.org/docs/developer-manual/development/releases/#distributions-releases-support).