SECURITY.md (14 additions & 1 deletion)
@@ -14,6 +14,20 @@ Thank you for improving the security of Express and related projects.
14
14
We appreciate your efforts in responsible disclosure and will make every effort
15
15
to acknowledge your contributions.
16
16
17
+
A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team)
18
+
or [the repo captain](https://github.com/expressjs/express/blob/master/Contributing.md#active-projects-and-captains)
19
+
will acknowledge your report as soon as possible.
20
+
These timelines may extend when our triage
21
+
volunteers are away on holiday, particularly at the end of the year.
22
+
23
+
After the initial reply to your report, the security team will
24
+
endeavor to keep you informed of the progress towards a fix and full
25
+
announcement, and may ask for additional information or guidance.
26
+
27
+
> [!NOTE]
28
+
> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/handle_security_reports.md)
29
+
30
+
17
31
### Reporting Security Bugs via GitHub Security Advisory (Preferred)
18
32
19
33
The preferred way to report security vulnerabilities is through
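Review bot: "These timelines may extend" (new line 20) has no antecedent, because the sentence before it only promises acknowledgement "as soon as possible" and states no timeline. Either give a concrete target here or reword it, for example "Responses may take longer when our triage volunteers are away on holiday". The email section referenced in the next hunk header still says the lead maintainer acknowledges within 48 hours, so the two reporting paths now name different responders and different expectations; it would help reporters if they were aligned. Minor style point: new lines 29 and 30 are both blank, which leaves two empty lines before the "### Reporting Security Bugs via GitHub Security Advisory (Preferred)" heading while the same commit removes a doubled blank line before "## Disclosure Policy".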
@@ -42,7 +56,6 @@ The lead maintainer will acknowledge your email within 48 hours and provide an i
42
56
43
57
If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
44
58
45
-
46
59
## Disclosure Policy
47
60
48
61
When the security team receives a security bug report, they will assign it to a