21 lines
1 KiB
Markdown
21 lines
1 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
The latest release of *dufs* is supported. The fixes for any security issues found will be included
|
|
in the next release.
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please [use *dufs*'s security advisory reporting tool provided by
|
|
GitHub](https://github.com/sigoden/dufs/security/advisories/new) to report security issues.
|
|
|
|
We strive to fix security issues as quickly as possible. Across the industry, often the developers'
|
|
slowness in developing and releasing a fix is the biggest delay in the process; we take pride in
|
|
minimizing this delay as much as we practically can. We encourage you to also minimize the delay
|
|
between when you find an issue and when you contact us. You do not need to convince us to take your
|
|
report seriously. You don't need to create a PoC or a patch if that would slow down your reporting.
|
|
You don't need an elaborate write-up. A short, informal note about the issue is good. We can always
|
|
communicate later to fill in any details we need after that first note is shared with us.
|
|
|