Skip to content

Latest commit

 

History

History
74 lines (50 loc) · 2.51 KB

SECURITY.md

File metadata and controls

74 lines (50 loc) · 2.51 KB

Security Policy

The maintainers of the Tool Versions Update Action project take security issues seriously. We appreciate your efforts to responsibly disclose your findings. Due to the non-funded and open-source nature of the project, we take a best-efforts approach when it comes to engaging with security reports.

This document should be considered expired after 2025-06-01. If you are reading this after that date you should try to find an up-to-date version in the official source repository.

Supported Versions

The table below shows which versions of the project are currently supported with security updates.

Version End-of-life
1.x.x -
0.x.x 2024-01-15

This table only includes information on versions <2.0.0.

Reporting a Vulnerability

To report a security issue in the latest version of a supported version range, either (in order of preference):

Please do not open a regular issue or Pull Request in the public repository.

To report a security issue in an unsupported version of the project, or if the latest version of a supported version range isn't affected, please report it publicly. For example, as a regular issue in the public repository. If in doubt, report the issue privately.

What to Include in a Report

Try to include as many of the following items as possible in a security report:

  • An explanation of the issue
  • A proof of concept exploit
  • A suggested severity
  • Relevant CWE identifiers
  • The latest affected version
  • The earliest affected version
  • A suggested patch

Advisories

Note: Advisories will be created only for vulnerabilities present in released versions of the project.

ID Date Affected versions Patched versions
- - - -

This table is ordered most to least recent.

Acknowledgments

We would like to publicly thank the following reporters:

  • None yet