32 lines
1.5 KiB
Markdown
32 lines
1.5 KiB
Markdown
|
# Security Policy
|
||
|
|
|
||
|
|
## Supported Versions
|
||
|
|
|
||
|
|
Please check the table below for the supported versions that are currently receiving security updates.
|
||
|
|
|
||
|
|
| Version | Supported |
|
||
|
|
| ------- | ------------------ |
|
||
|
|
| `main` / `develop` | :white_check_mark: |
|
||
|
|
| `< 1.0.0` | :x: |
|
||
|
|
|
||
|
|
*(Note: Adjust the table above to reflect MemPalace's actual release cycle)*
|
||
|
|
|
||
|
|
## Reporting a Vulnerability
|
||
|
|
|
||
|
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
||
|
|
|
||
|
|
We take the security of MemPalace seriously. If you believe you have found a security vulnerability, please report it to us privately using one of the following methods:
|
||
|
|
|
||
|
|
1. **GitHub Private Vulnerability Reporting:** Navigate to the "Security" tab in this repository, click on "Advisories," and select "Report a vulnerability."
|
||
|
|
2. **Direct Contact:** If private reporting is not enabled, please email the core maintainers directly at `[Insert Maintainer Email Here]`.
|
||
|
|
|
||
|
|
### What to include in your report:
|
||
|
|
* A descriptive summary of the vulnerability.
|
||
|
|
* Detailed steps to reproduce the issue (including any proof-of-concept scripts or specific file paths).
|
||
|
|
* The potential impact and severity of the vulnerability.
|
||
|
|
|
||
|
|
### What to expect:
|
||
|
|
* We aim to acknowledge receipt of your vulnerability report within 48 hours.
|
||
|
|
* We will triage the issue and keep you updated on our progress toward a patch.
|
||
|
|
* Once the vulnerability is resolved and an update is released, we will publish a security advisory and credit you for the discovery (if you wish to be credited).
|