| layout | title | category | tags | order | ||||
|---|---|---|---|---|---|---|---|---|
developer-doc |
Security Policy |
summary |
|
4 |
This document outlines the security policy for Enso and its libraries.
If you believe that you have found a vulnerability in Enso or one of its libraries, please see the section on reporting a vulnerability below.
Security updates for Enso are provided for the versions shown below with a :white_check_mark: next to them. No other versions have security updates provided.
| Version | Supported |
|---|---|
main@HEAD |
✅ |
wip/* |
❌ |
Please see our release policy for more information on how we support released versions.
If you believe that you've found a security vulnerability in the Enso codebase or one of the libraries maintained in this repository, please contact security@enso.org and provide details of the bug.
You can expect an update on a reported vulnerability within one business day, and the timeline works as follows:
- We analyse your report to determine the risk posed by the vulnerability, and our further steps forward. This may involve asking for more information.
- We will email the submitter with our verdict as to whether it is, or isn't a vulnerability, as well as the severity if it is.
- We plan and outline any steps necessary to fixing the bug, including the timeline for fixing the vulnerability within 90 days.
- We will communicate the planned fix with the person who submitted the vulnerability report.
- We will fix the bug and communicate with the submitter when the fix has
landed on
main, and when it has been backported to the above supported versions. - The submitted may then disclose the bug publicly.
All communication will take place via email with a member of our team.