mirror of
https://github.com/aya-rs/aya.git
synced 2026-05-26 11:24:23 +02:00
Dave Tucker
22b975ea63
Explains how Maintainers are selected and their responsibilities. Explains the Pull Request review workflow. Adds config for Mergify to enforce this workflow. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
24 lines
1015 B
Markdown
24 lines
1015 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
No released versions of aya or its subprojects will receive regular security
|
|
updates until a mainline release has been performed.
|
|
A reported and fixed vulnerability will be included in the next minor release,
|
|
which depending on the severity of the vulnerability may be immediate.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
To report a vulnerability, please use the
|
|
[Private Vulnerability Reporting Feature] on GitHub. We will endevour to respond
|
|
within 48hrs of reporting.
|
|
|
|
If a vulnerability is reported but considered low priority it may be converted
|
|
into an issue and handled on the public issue tracker.
|
|
|
|
Should a vulnerability be considered severe we will endeavour to patch it within
|
|
48hrs of acceptance, and may ask for you to collaborate with us on a temporary
|
|
private fork of the repository.
|
|
|
|
[Private Vulnerability Reporting Feature]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
|