mirror of
https://github.com/spalencsar/bearhub.git
synced 2026-07-06 20:34:16 +02:00
49 lines
1.2 KiB
Markdown
49 lines
1.2 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Security fixes are provided on a best-effort basis for:
|
|
|
|
- the latest Bearhub release
|
|
- the current `main` branch
|
|
|
|
Older releases may not receive security updates.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please do not open public issues for undisclosed security vulnerabilities.
|
|
|
|
Use one of these channels:
|
|
|
|
1. GitHub Security Advisories (preferred):
|
|
- Go to the repository `Security` tab
|
|
- Create a private vulnerability report
|
|
2. If advisory reporting is unavailable, contact maintainers directly via GitHub.
|
|
|
|
Include as much detail as possible:
|
|
|
|
- affected Bearhub version
|
|
- platform details (Arch version, Python version, desktop session)
|
|
- reproduction steps
|
|
- expected vs. actual behavior
|
|
- logs, stack traces, and proof-of-concept (if available)
|
|
|
|
## Response Process
|
|
|
|
Maintainers will:
|
|
|
|
- acknowledge the report as soon as possible
|
|
- validate impact and scope
|
|
- prepare and publish a fix
|
|
- credit reporters where appropriate (if desired)
|
|
|
|
## Disclosure
|
|
|
|
Please allow reasonable time for validation and patching before public disclosure.
|
|
|
|
Once fixed, we will disclose:
|
|
|
|
- impacted versions
|
|
- mitigation/fix guidance
|
|
- release references containing the patch
|