Skip to content

Latest commit

 

History

History
47 lines (33 loc) · 2.17 KB

SECURITY.md

File metadata and controls

47 lines (33 loc) · 2.17 KB

Security Policy

Supported Versions

We actively support the following versions of django_logging with security updates:

Version Supported
2.0.x ✅ Fully supported
1.2.x ✅ Supported
1.1.x ✅ Supported
1.0.x ⚠️ Limited support

Reporting a Vulnerability

We take security issues seriously. If you find a vulnerability in django_logging, please report it confidentially. Here are the steps to report security vulnerabilities:

  1. Email: Please send an email to [email protected] with a detailed description of the vulnerability.
  2. Details: In your email, include the following details:
    • Description of the vulnerability.
    • Potential impact and severity.
    • Steps to reproduce the issue.
    • Any other relevant information, such as proof of concept or screenshots.

We will:

  • Acknowledge your report within 2 business days.
  • Work with you to understand and resolve the issue as quickly as possible.
  • Provide an estimate of when a patch will be available and credit you (if desired) in the changelog.

Handling Vulnerabilities

When a vulnerability is confirmed:

  • We will create a fix and apply it to all actively supported versions of django_logging.
  • A new release with the security fix will be published, and the vulnerability will be disclosed in the changelog or via a security advisory.
  • We may delay the disclosure of details about the vulnerability until a sufficient number of users have updated to the patched version.

General Security Guidelines

  • Keep your django_logging package up to date with the latest versions to ensure you benefit from the latest security fixes.
  • Follow our changelog for announcements regarding security fixes.
  • Ensure that your logging configuration is secure and does not expose sensitive information in log files.

Responsible Disclosure

We strongly encourage responsible disclosure and will work to fix issues in a timely manner. We appreciate any effort to help make django_logging more secure for all users.

Thank you for helping us improve the security of django_logging!