root
/
xz
mirror of https://git.tukaani.org/xz.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Update SECURITY.md.

This commit is contained in:
Lasse Collin 2024-04-09 21:55:01 +03:00
parent 986865ea2f
commit 780d2c236d
1 changed files with 8 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.github/SECURITY.md vendored
View File

@ -1,23 +1,14 @@
# Security Policy # Security Policy
## Supported Versions
We provide security updates to the development branch and the stable
branches. Security patches for old releases are available on the
[project website](https://tukaani.org/xz).
## Reporting a Vulnerability
If you discover a security vulnerability in this project, please If you discover a security vulnerability in this project, please
report it privately. **Do not disclose it as a public issue.** This gives report it privately. **Do not disclose it as a public issue.**
us time to work with you to fix the issue before public exposure, reducing
the chance that the exploit will be used before a patch is released.
You may submit a report by emailing us at You may submit a report via email to
[xz@tukaani.org](mailto:xz@tukaani.org), or through [Lasse Collin](mailto:lasse.collin@tukaani.org)
(OpenPGP key fingerprint: 3690 C240 CE51 B467 0D30 AD1C 38EE 757D 6918 4620),
or through
[Security Advisories](https://github.com/tukaani-project/xz/security/advisories/new). [Security Advisories](https://github.com/tukaani-project/xz/security/advisories/new).
While both options are available, we prefer email.
This project is maintained by a team of volunteers on a reasonable-effort This project is maintained by volunteers on a reasonable-effort basis.
basis. As such, please give us 90 days to work on a fix before Please give 30 days to work on a fix before public exposure,
public exposure. reducing the chance that an exploit will be used before a patch is released.