PlanOpticon
|
1
|
# Security Policy |
|
2
|
|
|
3
|
## Reporting a Vulnerability |
|
4
|
|
|
5
|
If you discover a security vulnerability in PlanOpticon, we ask that you report it responsibly. **Please do not open a public GitHub issue for security vulnerabilities.** |
|
6
|
|
|
7
|
Instead, send an email to: |
|
8
|
|
|
9
|
**[email protected]** |
|
10
|
|
|
11
|
Include as much of the following information as possible: |
|
12
|
|
|
13
|
- A description of the vulnerability and its potential impact |
|
14
|
- Steps to reproduce the issue |
|
15
|
- Any relevant logs, screenshots, or proof-of-concept code |
|
16
|
- Your recommended fix, if you have one |
|
17
|
|
|
18
|
## What to Expect |
|
19
|
|
|
20
|
- **Acknowledgment:** We will acknowledge receipt of your report within 2 business days. |
|
21
|
- **Assessment:** We will investigate and assess the severity of the issue. We may reach out to you for additional details. |
|
22
|
- **Resolution:** We will work on a fix and coordinate disclosure with you. We aim to resolve critical issues within 14 days. |
|
23
|
- **Credit:** With your permission, we will credit you in the release notes for the fix. |
|
24
|
|
|
25
|
## Supported Versions |
|
26
|
|
|
27
|
We provide security updates for the latest minor release of PlanOpticon. We recommend always running the most recent version. |
|
28
|
|
|
29
|
| Version | Supported | |
|
30
|
|---------|-----------| |
|
31
|
| Latest | Yes | |
|
32
|
| Older | No | |
|
33
|
|
|
34
|
## Scope |
|
35
|
|
|
36
|
This security policy covers the PlanOpticon application and its first-party code. Vulnerabilities in third-party dependencies should be reported to the respective upstream projects, though we appreciate being notified so we can update our dependencies promptly. |
|
37
|
|
|
38
|
## Thank You |
|
39
|
|
|
40
|
We value the security research community and appreciate the effort that goes into finding and responsibly disclosing vulnerabilities. Thank you for helping keep PlanOpticon and its users safe. |
|
41
|
|