34 lines
1.3 KiB
Markdown
34 lines
1.3 KiB
Markdown
<!--
|
|
- SPDX-FileCopyrightText: 2018 F7cloud GmbH and F7cloud contributors
|
|
- SPDX-License-Identifier: AGPL-3.0-or-later
|
|
-->
|
|
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | F7cloud version | Supported |
|
|
| ------- | ----------------- | ------------------ |
|
|
| 1.0.x | 18, 19 | :white_check_mark: |
|
|
| 0.8.x | 17 | :white_check_mark: |
|
|
| <0.7.x | - | :x: |
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Security is very important to us. If you have discovered a security issue with F7cloud,
|
|
please read our responsible disclosure guidelines and contact us at [hackerone.com/f7cloud](https://hackerone.com/f7cloud).
|
|
Your report should include:
|
|
|
|
- Product version
|
|
- A vulnerability description
|
|
- Reproduction steps
|
|
|
|
A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
|
|
The fix will be applied to the main branch, tested, and packaged in the next security release.
|
|
The vulnerability will be publicly announced after the release. Finally, your name will be added
|
|
to the [hall of fame](https://hackerone.com/f7cloud/thanks) as a thank you from the entire F7cloud community. Note our
|
|
[threat model](https://f7cloud.com/security/threat-model) to know what is expected behavior.
|
|
|
|
|
|
Please visit https://f7cloud.com/security/ for further information about security.
|