|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Supported Versions |
| 4 | + |
| 5 | +We currently support security updates for the following versions of git-mob: |
| 6 | + |
| 7 | +| Version | Supported | |
| 8 | +| ------- | ------------------ | |
| 9 | +| Latest | :white_check_mark: | |
| 10 | +| Others | :x: | |
| 11 | + |
| 12 | +Only the latest version receives security updates. We recommend always using the most recent version available. |
| 13 | + |
| 14 | +## Reporting a Vulnerability |
| 15 | + |
| 16 | +If you discover a security vulnerability in git-mob, please report it responsibly: |
| 17 | + |
| 18 | +### Reporting Process |
| 19 | + |
| 20 | +1. **Do not** create a public GitHub issue for security vulnerabilities |
| 21 | +2. Instead, please use GitHub's private vulnerability reporting feature: |
| 22 | + - Go to the [Security tab](https://github.com/Mubashwer/git-mob/security) of this repository |
| 23 | + - Click "Report a vulnerability" |
| 24 | + - Fill out the vulnerability report form with as much detail as possible |
| 25 | + |
| 26 | +### What to Include |
| 27 | + |
| 28 | +When reporting a vulnerability, please include: |
| 29 | + |
| 30 | +- A clear description of the vulnerability |
| 31 | +- Steps to reproduce the issue |
| 32 | +- Potential impact assessment |
| 33 | +- Any suggested fixes or mitigations (if you have them) |
| 34 | + |
| 35 | +### Response Timeline |
| 36 | + |
| 37 | +- We will acknowledge receipt of your vulnerability report within **1 week** |
| 38 | +- We aim to provide an initial assessment within **2-3 weeks** |
| 39 | +- We will keep you updated on our progress toward a fix |
| 40 | +- Once a fix is available, we will coordinate with you on disclosure timing |
| 41 | + |
| 42 | +Please note that this is a personal project maintained in spare time, so response times may vary. |
| 43 | + |
| 44 | +### What to Expect |
| 45 | + |
| 46 | +- **If accepted**: We will work on a fix and release a security update. You will be credited for the discovery (unless you prefer to remain anonymous) |
| 47 | +- **If declined**: We will provide a clear explanation of why the report does not qualify as a security vulnerability |
| 48 | + |
| 49 | +Thank you for helping to keep git-mob secure! |
0 commit comments