Github recommends to create a SECURITY.md file containing security policies for the project. I've also enabled in-project vulnerability reporting, and linked to it in this file.
13 lines
589 B
Markdown
13 lines
589 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Only the latest version will be supported with security updates. We will not maintain old branches.
|
|
For this reason, you should attempt to always use the latest released version.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
To privately report a vulnerability in oxipng, please visit [our advisories page](https://github.com/shssoichiro/oxipng/security/advisories) and use the button to report a vulnerability.
|
|
We will review it as soon as possible.
|
|
|
|
For vulnerabilities in dependencies, please open a pull request updating the dependency to a patched version.
|