Commit 14fe8c7

tkirda-bison and claude committed
docs(security): add security policy and enable private vulnerability reporting
Closes #818. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 0d7635d commit 14fe8c7

1 file changed

Lines changed: 36 additions & 0 deletions

SECURITY.md

@@ -0,0 +1,36 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
Only the most recent 2.x release line receives security updates. The 1.5.x
6+
line is no longer maintained.
7+
8+
| Version | Supported |
9+
| :--- | :--- |
10+
| 2.x | Yes |
11+
| 1.x | No |
12+
13+
## Reporting a Vulnerability
14+
15+
Please **do not** open a public GitHub issue for security vulnerabilities.
16+
17+
Report privately via GitHub's [Private Vulnerability Reporting](https://github.com/devbridge/jQuery-Autocomplete/security/advisories/new)
18+
form on this repository. This routes the report directly to maintainers
19+
without disclosing details publicly.
20+
21+
When reporting, include:
22+
23+
- A description of the issue and its impact.
24+
- Steps to reproduce, or a minimal proof of concept.
25+
- Affected version(s).
26+
- Any suggested mitigation, if you have one.
27+
28+
You will receive an acknowledgement once the report has been reviewed.
29+
If the vulnerability is confirmed, a fix will be prepared and a coordinated
30+
disclosure date agreed before any public mention.
31+
32+
## Scope
33+
34+
This policy covers the published `devbridge-autocomplete` package and its
35+
source in this repository. It does not cover demo HTML, third-party
36+
dependencies, or applications that consume the plugin.
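
Review bot: The acknowledgement paragraph (new lines 28-30) commits to no time frame: "You will receive an acknowledgement once the report has been reviewed" leaves a reporter unable to tell when a report has been missed, so state a target for the first response and say what to do if it passes. In the Supported Versions section the prose names the 1.5.x line as unmaintained while the table row says 1.x; use the same version label in both places. The policy also gives no alternative contact for a reporter who cannot use the Private Vulnerability Reporting form, which is worth adding next to the link on new line 17.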