Create security policies document
Github recommends to create a SECURITY.md file containing security policies for the project. I've also enabled in-project vulnerability reporting, and linked to it in this file.
This commit is contained in:
parent
748d5987a5
commit
d168fffb12
1 changed files with 13 additions and 0 deletions
13
SECURITY.md
Normal file
13
SECURITY.md
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Only the latest version will be supported with security updates. We will not maintain old branches.
|
||||
For this reason, you should attempt to always use the latest released version.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
To privately report a vulnerability in oxipng, please visit [our advisories page](https://github.com/shssoichiro/oxipng/security/advisories) and use the button to report a vulnerability.
|
||||
We will review it as soon as possible.
|
||||
|
||||
For vulnerabilities in dependencies, please open a pull request updating the dependency to a patched version.
|
||||
Loading…
Reference in a new issue