diff options
Diffstat (limited to '.github/SECURITY.md')
| -rw-r--r-- | .github/SECURITY.md | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/.github/SECURITY.md b/.github/SECURITY.md deleted file mode 100644 index e9b3458a..00000000 --- a/.github/SECURITY.md +++ /dev/null @@ -1,29 +0,0 @@ -# Security Policy - -## Supported Versions - -We provide security updates to the development branch and the stable -branches. Security patches for old releases are available on the -[project website](https://xz.tukaani.org/xz-utils/). - -## Reporting a Vulnerability - -If you discover a security vulnerability in this project, please -report it privately. **Do not disclose it as a public issue.** This gives -us time to work with you to fix the issue before public exposure, reducing -the chance that the exploit will be used before a patch is released. - -You may submit a report by emailing us at -[xz@tukaani.org](mailto:xz@tukaani.org), or through -[Security Advisories](https://github.com/tukaani-project/xz/security/advisories/new). -While both options are available, we prefer email. In any case, please -provide a clear description of the vulnerability including: - -- Affected versions of XZ Utils -- Estimated severity (low, moderate, high, critical) -- Steps to recreate the vulnerability -- All relevant files (core dumps, build logs, input files, etc.) - -This project is maintained by a team of volunteers on a reasonable-effort -basis. As such, please give us 90 days to work on a fix before -public exposure. |