mirror of
https://github.com/spalencsar/bearhub.git
synced 2026-07-06 22:54:16 +02:00
Add project code of conduct and security policy
This commit is contained in:
48
SECURITY.md
Normal file
48
SECURITY.md
Normal file
@@ -0,0 +1,48 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Security fixes are provided on a best-effort basis for:
|
||||
|
||||
- the latest Bearhub release
|
||||
- the current `main` branch
|
||||
|
||||
Older releases may not receive security updates.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Please do not open public issues for undisclosed security vulnerabilities.
|
||||
|
||||
Use one of these channels:
|
||||
|
||||
1. GitHub Security Advisories (preferred):
|
||||
- Go to the repository `Security` tab
|
||||
- Create a private vulnerability report
|
||||
2. If advisory reporting is unavailable, contact maintainers directly via GitHub.
|
||||
|
||||
Include as much detail as possible:
|
||||
|
||||
- affected Bearhub version
|
||||
- platform details (Arch version, Python version, desktop session)
|
||||
- reproduction steps
|
||||
- expected vs. actual behavior
|
||||
- logs, stack traces, and proof-of-concept (if available)
|
||||
|
||||
## Response Process
|
||||
|
||||
Maintainers will:
|
||||
|
||||
- acknowledge the report as soon as possible
|
||||
- validate impact and scope
|
||||
- prepare and publish a fix
|
||||
- credit reporters where appropriate (if desired)
|
||||
|
||||
## Disclosure
|
||||
|
||||
Please allow reasonable time for validation and patching before public disclosure.
|
||||
|
||||
Once fixed, we will disclose:
|
||||
|
||||
- impacted versions
|
||||
- mitigation/fix guidance
|
||||
- release references containing the patch
|
||||
Reference in New Issue
Block a user