Skip to content

Latest commit

 

History

History
61 lines (41 loc) · 2.33 KB

SECURITY.md

File metadata and controls

61 lines (41 loc) · 2.33 KB
Raw

Security Policy

Reporting a Security Vulnerability

If you discover a security vulnerability in the Miru Web project, please follow these guidelines to report it responsibly:

  1. Privately Notify the Maintainers: To report a security issue, please contact the project maintainers privately by emailing hello@saeloun.com. Do not disclose the issue publicly until it has been resolved.

  2. Provide Details: When reporting the issue, please provide detailed information about the vulnerability, including:

    • A clear description of the vulnerability.
    • Steps to reproduce the vulnerability.
    • Information about the affected versions of the project.
    • Any additional context or details that might be helpful.

  3. Do Not Share Exploits: Do not publicly share any details of the vulnerability, including proof-of-concept exploits or other code that demonstrates the issue.

  4. Keep Communication Confidential: Please keep all communication regarding the security issue confidential until the maintainers confirm that the issue has been resolved.

Vulnerability Handling Process

Once a security vulnerability is reported, the project maintainers will follow these steps:

  1. Initial Review: The maintainers will review the report to confirm the vulnerability's validity and severity.

  2. Patch Development: If the vulnerability is confirmed, the maintainers will work on developing a patch to address it.

  3. Testing and Validation: The patch will be thoroughly tested to ensure that it resolves the vulnerability without introducing new issues.

  4. Release: A new version of the project containing the security fix will be released. The maintainers will notify the reporter when the fix is ready.

  5. Public Disclosure: After a fixed version is released, the security issue will be publicly disclosed, along with the details of the fix.

Supported Versions

The project currently supports the following versions:

  • Version 0.20.0 (Latest Release)

Security issues will be addressed in the latest supported version. If you are using an older version, it is recommended to upgrade to the latest release.

Contact

If you have any questions or need further clarification on this security policy, please contact us at hello@saeloun.com.