|
| 1 | +<!-- SPDX-License-Identifier: GPL-2.0-only --> |
| 2 | +<!-- Copyright (C) 2026 Daniel Wagner, SUSE LLC --> |
| 3 | +<!-- Author: Daniel Wagner <[email protected]> --> |
| 4 | +# Security Policy |
| 5 | + |
| 6 | +## Reporting a Vulnerability |
| 7 | + |
| 8 | +If you discover a security vulnerability in this project, please report it |
| 9 | +responsibly. |
| 10 | + |
| 11 | +Please send an email to: |
| 12 | + |
| 13 | + |
| 14 | + |
| 15 | +Include as much information as possible to help us understand and reproduce the |
| 16 | +issue, such as: |
| 17 | + |
| 18 | +* A description of the vulnerability |
| 19 | +* Steps to reproduce the issue |
| 20 | +* Potential impact |
| 21 | +* Suggested fixes (if available) |
| 22 | + |
| 23 | +## Disclosure Policy |
| 24 | + |
| 25 | +We ask that security issues are **not disclosed publicly** until they have been |
| 26 | +investigated and a fix has been prepared. |
| 27 | + |
| 28 | +After receiving a report, we will: |
| 29 | + |
| 30 | +1. Acknowledge receipt of the vulnerability report. |
| 31 | +2. Investigate and determine the impact. |
| 32 | +3. Develop and test a fix where applicable. |
| 33 | +4. Coordinate responsible disclosure. |
| 34 | + |
| 35 | +## Supported Versions |
| 36 | + |
| 37 | +Security fixes are generally applied to the currently maintained version of the |
| 38 | +project. Older versions may not receive security updates. |
| 39 | + |
| 40 | +## Scope |
| 41 | + |
| 42 | +This policy applies only to vulnerabilities in the source code of this |
| 43 | +repository. Issues related to third-party dependencies should be reported to the |
| 44 | +respective upstream projects. |
| 45 | + |
| 46 | +Thank you for helping improve the security of this project. |
| 47 | + |
| 48 | + |
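Review bot: The "Please send an email to:" line (file line 11) is followed only by empty lines 12-14 as shown here, so a reporter has no address to write to; please confirm the contact address is actually present in the committed file, since every other section of the policy depends on it. In the Disclosure Policy list, step 1 ("Acknowledge receipt of the vulnerability report.") gives no time frame, and stating one would tell reporters when to follow up. The Supported Versions paragraph refers to "the currently maintained version" without naming it; consider naming the branch or release series so users can tell whether their version is covered.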