magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: Apply feedback on security policy

Browse source
This commit is contained in:
Jade Ellis 2025-05-26 15:01:58 +01:00
parent 0ba77674c7
commit e8d823a653
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
SECURITY.md
View file

@ -12,16 +12,18 @@ We provide security updates for the following versions of Continuwuity:
| Main branch | ✅ | | Main branch | ✅ |
| Older releases | ❌ | | Older releases | ❌ |
We may backport fixes to the previous release at our discretion, but we don't guarantee this.
## Reporting a Vulnerability ## Reporting a Vulnerability
### Responsible Disclosure ### Responsible Disclosure
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines: We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
1. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org) 1. Contact members of the team over E2EE private message.
2. Contact members of the team over E2EE private message.
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link) - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? --> - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
3. **Do not disclose the vulnerability publicly** until it has been addressed 3. **Do not disclose the vulnerability publicly** until it has been addressed
4. **Provide detailed information** about the vulnerability, including: 4. **Provide detailed information** about the vulnerability, including:
- A clear description of the issue - A clear description of the issue
@ -30,6 +32,8 @@ We appreciate the efforts of security researchers and the community in identifyi
- Any possible mitigations - Any possible mitigations
- Version(s) affected, including specific commits if possible - Version(s) affected, including specific commits if possible
If you have any doubts about a potential security vulnerability, contact us via private channels first! We'd prefer that you bother us, instead of having a vulnerability disclosed without a fix.
### What to Expect ### What to Expect
When you report a security vulnerability: When you report a security vulnerability: