Commit 399beb1 (1 parent: aee78a8). Showing 1 changed file with 44 additions and 0 deletions.
@@ -0,0 +1,44 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
We actively support the following versions of `dj-announcement-api` with security updates: | ||
|
||
| Version | Supported | | ||
|---------| ------------------ | | ||
| 1.0.0 | ✅ Fully supported | | ||
|
||
## Reporting a Vulnerability | ||
|
||
We take security issues seriously. If you find a vulnerability in `dj-announcement-api`, please report it confidentially. Here are the steps to report security vulnerabilities: | ||
|
||
1. **Email**: Please send an email to [[email protected]](mailto:[email protected]) with a detailed description of the vulnerability. | ||
2. **Details**: In your email, include the following details: | ||
- Description of the vulnerability. | ||
- Potential impact and severity. | ||
- Steps to reproduce the issue. | ||
- Any other relevant information, such as proof of concept or screenshots. | ||
|
||
We will: | ||
- Acknowledge your report within 2 business days. | ||
- Work with you to understand and resolve the issue as quickly as possible. | ||
- Provide an estimate of when a patch will be available and credit you (if desired) in the changelog. | ||
|
||
## Handling Vulnerabilities | ||
|
||
When a vulnerability is confirmed: | ||
- We will create a fix and apply it to all actively supported versions of `dj-announcement-api`. | ||
- A new release with the security fix will be published, and the vulnerability will be disclosed in the changelog or via a security advisory. | ||
- We may delay the disclosure of details about the vulnerability until a sufficient number of users have updated to the patched version. | ||
|
||
## General Security Guidelines | ||
|
||
- Keep your `dj-announcement-api` package up to date with the latest versions to ensure you benefit from the latest security fixes. | ||
- Follow our changelog for announcements regarding security fixes. | ||
- Ensure that your logging configuration is secure and does not expose sensitive information in log files. | ||
|
||
## Responsible Disclosure | ||
|
||
We strongly encourage responsible disclosure and will work to fix issues in a timely manner. We appreciate any effort to help make `dj-announcement-api` more secure for all users. | ||
|
||
Thank you for helping us improve the security of `dj-announcement-api`! |
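Review bot: The "Supported Versions" table in this hunk lists a single row (1.0.0, fully supported) and never states which versions are unsupported, yet the "Handling Vulnerabilities" section promises fixes for "all actively supported versions"; add an explicit row or sentence saying that versions before 1.0.0 receive no security fixes (for example `| < 1.0.0 | ❌ Not supported |`) so reporters and users can tell what is in scope. Two smaller points in the same file: the "Reporting a Vulnerability" step asks for confidential reports but offers only a plain email address with no encryption key or GitHub private-advisory link for sensitive details such as the requested proof of concept, and the "We will" list commits to a 2-business-day acknowledgment but gives no target window for the fix or for the delayed disclosure mentioned under "Handling Vulnerabilities"; stating even a rough timeline (e.g. 90 days) would make the policy actionable.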