github/wails
5
0
Fork 0
mirror of https://github.com/wailsapp/wails.git synced 2025-05-03 04:29:35 +08:00
Code Projects Activity

Create SECURITY.md

Browse Source
This commit is contained in:
Lea Anthony 2024-02-14 18:09:12 +11:00 committed by GitHub
parent 1c8e2ee8fe
commit 1957e2e86c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
SECURITY.md Normal file
View File

@ -0,0 +1,38 @@
# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 2.x.x | :white_check_mark: |
| 3.0.x-alpha | :x: |
## Reporting a Vulnerability
If you believe you have found a security vulnerability in our project, we encourage you to let us know right away.
We will investigate all legitimate reports and do our best to quickly fix the problem.
Before reporting though, please review our security policy below.
### How to Report
To report a security vulnerability, please send an email to `security@wails.io`. If possible, please include as much information as possible.
This may include steps to reproduce, impact of the vulnerability, and anything else you believe would help us understand the problem.
**Please do not include any sensitive or personal information in your report**.
### What to Expect
When you report a vulnerability, here's what you can expect:
- **Acknowledgement**: We will acknowledge your email within 48 hours, and you'll receive a more detailed response to your email within 72 hours indicating the next steps in handling your report.
- **Updates**: After the initial reply to your report, our team will keep you informed of the progress being made towards a fix and full announcement. These updates will be sent at least once a week.
- **Confidentiality**: We will maintain strict confidentiality of your report until the security issue is resolved.
- **Issue Resolution**: If the issue is confirmed, we will release a patch as soon as possible depending on complexity of the fix.
- **Recognition**: We recognize and appreciate every individual who helps us identify and fix vulnerabilities in our project. While we do not currently have a bounty program, we would be happy to publicly acknowledge your responsible disclosure.
We strive to make Wails safe for everyone, and we greatly appreciate the assistance of security researchers and users in helping us identify and fix vulnerabilities. Thank you for your contribution to the security of this project.