34 lines
1.3 KiB
Markdown
34 lines
1.3 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
|---------|--------------------|
|
|
| latest | :white_check_mark: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
To report a security vulnerability go
|
|
to [Advisories section](https://github.com/utox39/zigfetch/security/advisories) or contact this email address:
|
|
francescomoccaldi39@gmail.com
|
|
|
|
1. Describe the vulnerability.
|
|
|
|
* Type of issue (e.g. buffer overflow, etc.)
|
|
* Full paths of source file(s) related to the manifestation of the issue
|
|
* The location of the affected source code (tag/branch/commit or direct URL)
|
|
* Any special configuration required to reproduce the issue
|
|
* Step-by-step instructions to reproduce the issue
|
|
* Proof-of-concept or exploit code (if possible)
|
|
* Impact of the issue, including how an attacker might exploit the issue
|
|
|
|
2. If you have a fix, that is most welcome -- please attach or summarize it in your message!
|
|
|
|
3. I will evaluate the vulnerability in a controlled environment and, if necessary, release a fix or mitigating steps
|
|
to address it. I will contact you to let you know the outcome, and will credit you in the report.
|
|
|
|
4. Please DO NOT disclose the vulnerability publicly until a fix is released!
|
|
|
|
Once I have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to
|
|
publicly disclose it.
|