Skip to content

Security: LLCFreedom-Space/fs-user-defaults-store

Security

SECURITY.md

Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
1.0.x

Private Disclosure Process

The LLC Freedom Space ask that known and suspected vulnerabilities be privately and responsibly disclosed by emailing [email protected] with the all the required detail.

Do not file a public issue.

When to report a vulnerability

  • You think you have discovered a potential security vulnerability in a FSUserDefaultsStore.
  • You are unsure how a vulnerability affects a FSUserDefaultsStore.

What happens next?

  • A member of the LLC Freedom Space will acknowledge receipt of the report within 3 working days. This may include a request for additional information about reproducing the vulnerability.
  • Once we have identified a fix we may ask you to validate it. We aim to do this within 30 days. In some cases this may not be possible, for example when the vulnerability exists at the protocol level and the industry must coordinate on the disclosure process.
  • If a CVE number is required, one will be requested through the GitHub security advisory process, providing you with full credit for the discovery.
  • We will decide on a planned release date and let you know when it is.
  • Prior to release, we will inform major dependents that a security-related patch is impending.
  • Once the fix has been released we will publish a security advisory on GitHub.

There aren’t any published security advisories