CopyBot/Red-DiscordBot
1
0
Fork 0
mirror of https://github.com/Cog-Creators/Red-DiscordBot.git synced 2025-11-06 11:18:54 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add SECURITY.md to the repo (#5929)

Browse Source 
Co-authored-by: Jakub Kuczys <me@jacken.men>
This commit is contained in:
Kowlin 2022-12-25 15:40:35 +01:00 committed by GitHub
parent 9bfc3ecbce
commit 0e58897bfc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
SECURITY.md Normal file
View File

@ -0,0 +1,38 @@
# Security Policy
## Supported Versions
The table below explains the current state of our versions. Currently, only version
3.4 and higher are supported and receive security updates. Versions lower than 3.4
are considered End of Life and will not receive any security updates.
| Version | Branch | Security Updates | End of Life |
|---------------|------------|--------------------|--------------------|
| < 2.0 | master | :x: | :white_check_mark: |
| >= 2.0, < 3.0 | develop | :x: | :white_check_mark: |
| >= 3.0, < 3.4 | V3/develop | :x: | :white_check_mark: |
| >= 3.4 | V3/develop | :white_check_mark: | :x: |
## Reporting a Vulnerability
For reporting vulnerabilities within Red-DiscordBot we make use of GitHub's
private vulnerability reporting feature (More information can be found
[here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability)).
This ensures that all maintainers and key members have access to the reported
vulnerability.
### Opening a Vulnerability Report
To open a vulnerability report please fill out [this form](https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/new)
You will be asked to provide a summary, details and proof of concept for your vulnerability report.
We ask that you fill out this form to the best of your ability, with as many details as possible.
Furthermore, you'll be asked to provide affected products and severity.
These fields are optional and will be filled appropriately by the maintainers if not provided.
### Timeline
We will try to answer your report within 7 days. If you haven't received an answer by then, we suggest you reach
out to us privately. This can best be done via our [Discord server](https://discord.gg/red), and contacting
a member who has the Staff role.