mirror of
https://github.com/trailbaseio/trailbase
synced 2026-04-21 13:37:44 +00:00
# Security Policy

Found a security issue in [TrailBase](https://github.com/trailbaseio/trailbase)?
Read on.

## Reporting a Vulnerability

At TrailBase we take all security bugs very seriously.
Thank you for helping to improve our security. We'll make every effort to
acknowledge your contributions.

Vulnerabilities should be reported to [security@trailbase.io](mailto:security@trailbase.io),
a private maintainer-only email address.
Please do not open a public issue, as GitHub does not provide a facility for
private issues.
Deleting the issue will prevent any follow-up communication with the reporter.

When reporting an issue, where possible, please provide the following:

- Commit version where the issue was introduced.
- A proof of concept (plaintext; or ideally send a patch to the same email address).
- Steps to reproduce.
- Your recommended fixes, if any.

When a vulnerability is reported, we will:

- Confirm the problem and determine the affected versions.
- Audit the code to find any potential similar problems.
- Work on the fix.
- Prepare a new release.
- Manage communications.

## Comments on this Policy

If you have suggestions on how this process could be improved, let us know.