🔒 docs: Add SECURITY file
ARYAN-NIKNEZHAD committed Oct 25, 2024
1 parent aee78a8 commit 399beb1
Showing 1 changed file with 44 additions and 0 deletions.
44 changes: 44 additions & 0 deletions SECURITY.md
@@ -0,0 +1,44 @@
# Security Policy

## Supported Versions

We actively support the following versions of `dj-announcement-api` with security updates:

| Version | Supported |
|---------| ------------------ |
| 1.0.0 | ✅ Fully supported |

## Reporting a Vulnerability

We take security issues seriously. If you find a vulnerability in `dj-announcement-api`, please report it confidentially. Here are the steps to report security vulnerabilities:

1. **Email**: Please send an email to [[email protected]](mailto:[email protected]) with a detailed description of the vulnerability.
2. **Details**: In your email, include the following details:
- Description of the vulnerability.
- Potential impact and severity.
- Steps to reproduce the issue.
- Any other relevant information, such as proof of concept or screenshots.

We will:
- Acknowledge your report within 2 business days.
- Work with you to understand and resolve the issue as quickly as possible.
- Provide an estimate of when a patch will be available and credit you (if desired) in the changelog.

## Handling Vulnerabilities

When a vulnerability is confirmed:
- We will create a fix and apply it to all actively supported versions of `dj-announcement-api`.
- A new release with the security fix will be published, and the vulnerability will be disclosed in the changelog or via a security advisory.
- We may delay the disclosure of details about the vulnerability until a sufficient number of users have updated to the patched version.

## General Security Guidelines

- Keep your `dj-announcement-api` package up to date with the latest versions to ensure you benefit from the latest security fixes.
- Follow our changelog for announcements regarding security fixes.
- Ensure that your logging configuration is secure and does not expose sensitive information in log files.

## Responsible Disclosure

We strongly encourage responsible disclosure and will work to fix issues in a timely manner. We appreciate any effort to help make `dj-announcement-api` more secure for all users.

Thank you for helping us improve the security of `dj-announcement-api`!
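
Review bot: In "Handling Vulnerabilities", the line "We may delay the disclosure of details about the vulnerability until a sufficient number of users have updated to the patched version" leaves the embargo open-ended, and the only committed timeline in the file is the 2-business-day acknowledgement. Consider stating a maximum disclosure window, and a target for when the patch estimate will be given, so reporters know what to expect. Under "Supported Versions", the table pins only `1.0.0`; a rule for which release line receives fixes would keep it from going stale at the next release. In "Reporting a Vulnerability", the four bullets under "2. **Details**" are not indented as shown here, so they would render as a separate top-level list instead of sub-items of step 2. Email is also the only reporting channel, with no encryption key or alternative listed for reports that carry a sensitive proof of concept.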
