Security: elementary-data/elementary

SECURITY.md

Security Policy

Reporting a vulnerability

We take the security of this project seriously and appreciate responsible disclosure.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, please report vulnerabilities privately via GitHub Security Advisories:

  1. Go to the Security tab of this repository.
  2. Click "Report a vulnerability".
  3. Provide as much detail as you can — a description of the issue, steps to reproduce or a proof of concept, the affected version(s), and any suggested remediation.

We will acknowledge your report within 10 business days, keep you informed as we investigate, and credit you in the resulting advisory if you wish (or keep your report anonymous — your choice).

Supported versions

Security fixes are applied to the latest released version. We encourage all users to stay on the most recent release.

Scope

This policy covers the code in this repository. For security issues concerning the Elementary Cloud platform, please contact us through your Elementary support channel instead of this repository.

Disclosure process

Once a report is confirmed:

  1. We develop and test a fix privately.
  2. We release a patched version.
  3. We publish a GitHub Security Advisory describing the issue, affected versions, and the fixed version, crediting the reporter (with their consent).

Thank you for helping keep Elementary and its users safe.

There aren't any published security advisories