mirror of
https://gitea.shironeko-all.duckdns.org/shironeko/Hytale-F2P-2.git
synced 2026-02-26 02:31:46 -03:00
docs: first draft of issue and PR template
55
.github/SECURITY.md
vendored
Normal file
@@ -0,0 +1,55 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
We take security seriously. The following versions of our project are currently being supported with security updates:
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 1.x.x | :white_check_mark: |
|
||||
| < 1.0 | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security vulnerability, please report it to us as follows:
|
||||
|
||||
**Do not report security vulnerabilities through public GitHub issues.**
|
||||
|
||||
Instead, please report security vulnerabilities by:
|
||||
|
||||
1. Using the [Security Vulnerability Report](.github/ISSUE_TEMPLATE/security_vulnerability.yml) template (this creates a private issue)
|
||||
2. Emailing [security@yourdomain.com](mailto:security@yourdomain.com) (if available)
|
||||
3. Contacting the maintainers directly through secure channels
|
||||
|
||||
## What to Include in Your Report
|
||||
|
||||
Please include the following information in your report:
|
||||
|
||||
- A clear description of the vulnerability
|
||||
- Steps to reproduce the issue
|
||||
- Potential impact of the vulnerability
|
||||
- Any suggested fixes or mitigations
|
||||
- Your contact information for follow-up
|
||||
|
||||
## Our Response Process
|
||||
|
||||
1. **Acknowledgment**: We will acknowledge receipt of your report within 48 hours
|
||||
2. **Investigation**: We will investigate the issue and work on a fix
|
||||
3. **Updates**: We will provide regular updates on our progress
|
||||
4. **Resolution**: Once fixed, we will notify you and publicly disclose the issue (with your permission)
|
||||
|
||||
## Responsible Disclosure
|
||||
|
||||
We kindly ask that you:
|
||||
|
||||
- Give us reasonable time to fix the issue before public disclosure
|
||||
- Avoid accessing or modifying user data
|
||||
- Avoid denial-of-service attacks or other disruptive actions
|
||||
|
||||
## Recognition
|
||||
|
||||
We appreciate security researchers who help keep our project safe. With your permission, we will acknowledge your contribution in our security advisories.
|
||||
|
||||
## Questions?
|
||||
|
||||
If you have questions about our security policy, please contact us through the methods listed above.
|
||||
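Review bot: Under "Reporting a Vulnerability", item 1 points reporters at an issue template and states "(this creates a private issue)", which conflicts with the bolded rule just above it, "Do not report security vulnerabilities through public GitHub issues." An issue template only pre-fills an ordinary issue, which has the same visibility as the repository, so a reporter following item 1 would publish the details. Point item 1 at a channel that is actually private, such as the platform's private vulnerability reporting or security advisory feature, and drop the template link or the "private" claim. The link target `.github/ISSUE_TEMPLATE/security_vulnerability.yml` is also written relative to a file that already lives in `.github/`, so check that it resolves where intended. Item 2 still carries the placeholder `security@yourdomain.com` with "(if available)", and item 3 names no channel at all; before merging, fill in a monitored address (ideally with a public key for encrypted reports) or remove those items, because as written none of the three options gives a reporter a working private path, and the 48-hour acknowledgment promised under "Our Response Process" depends on one existing.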