mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2024-12-21 19:08:24 +01:00
64 lines
2.2 KiB
Markdown
64 lines
2.2 KiB
Markdown
|
# Security Policy
|
||
|
|
||
|
## Reporting a Vulnerability
|
||
|
|
||
|
The Stirling-PDF team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings.
|
||
|
|
||
|
### How to Report
|
||
|
|
||
|
You can report security vulnerabilities through two channels:
|
||
|
|
||
|
1. **GitHub Security Advisory**:
|
||
|
- Navigate to the [Security tab](https://github.com/Stirling-Tools/Stirling-PDF/security) in our repository
|
||
|
- Click on "Report a vulnerability"
|
||
|
- Provide a detailed description of the vulnerability
|
||
|
|
||
|
2. **Direct Email**:
|
||
|
- Send your report to security@stirlingpdf.com
|
||
|
- Please include as much information as possible about the vulnerability
|
||
|
|
||
|
### What to Include
|
||
|
|
||
|
When reporting a vulnerability, please provide:
|
||
|
|
||
|
- A clear description of the vulnerability
|
||
|
- Steps to reproduce the issue
|
||
|
- Any potential impact
|
||
|
- If possible, suggestions for addressing the vulnerability
|
||
|
- Your contact information for follow-up questions
|
||
|
|
||
|
### Response Time
|
||
|
|
||
|
We aim to acknowledge receipt of your vulnerability report within 48 hours
|
||
|
|
||
|
### Process
|
||
|
|
||
|
1. Submit your report through one of the channels above
|
||
|
2. Receive an acknowledgment from our team
|
||
|
3. Our team will investigate and validate the issue
|
||
|
4. We will work on a fix and keep you updated on our progress
|
||
|
5. Once resolved, we will publish the fix and acknowledge your contribution (if desired)
|
||
|
|
||
|
### Bug Bounty
|
||
|
|
||
|
At this time, we do not offer a bug bounty program. However, we greatly appreciate your efforts in making Stirling-PDF more secure and will acknowledge your contribution in our release notes (unless you prefer to remain anonymous).
|
||
|
|
||
|
## Supported Versions
|
||
|
|
||
|
Only the latest version of Stirling-PDF is supported for security updates. We do not backport security fixes to older versions.
|
||
|
|
||
|
| Version | Supported |
|
||
|
| ------- | ------------------ |
|
||
|
| Latest | :white_check_mark: |
|
||
|
| Older | :x: |
|
||
|
|
||
|
**Please note:** Before reporting a security issue, ensure you are using the latest version of Stirling-PDF. Security reports for older versions will not be accepted.
|
||
|
|
||
|
## Security Best Practices
|
||
|
|
||
|
When deploying Stirling-PDF:
|
||
|
|
||
|
1. Always use the latest version
|
||
|
2. Follow our deployment guidelines
|
||
|
3. Regularly check for and apply updates
|