# Security Policy

## Supported Versions

| Version | Supported |
| ------- | ------------------ |
| dev | :white_check_mark: |

## Reporting a Vulnerability

**Please do not report security vulnerabilities through public GitHub issues.**

Instead, please report them via email to: **security@host.uk.com**

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

You should receive a response within 48 hours. If the issue is confirmed, we will:
1. Work on a fix privately
2. Release a patch
3. Credit you in the release notes (unless you prefer anonymity)

## Security Best Practices

When contributing to this repository:
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Review dependencies for known vulnerabilities
- Follow the principle of least privilege in scripts