39 lines
1.6 KiB
Markdown
39 lines
1.6 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
We provide security fixes for the latest minor release line.
|
|
|
|
| Version | Supported |
|
|
|------------|-----------|
|
|
| v1.5.x | ✅ |
|
|
| < v1.5.0 | ❌ |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you discover a security vulnerability, please do not open a public issue. Instead, follow these steps:
|
|
|
|
1. **Email Us Privately:**
|
|
Send an email to [security@filerise.net](mailto:security@filerise.net) with the subject line “[FileRise] Security Vulnerability Report”.
|
|
|
|
2. **Include Details:**
|
|
Provide a detailed description of the vulnerability, steps to reproduce it, and any other relevant information (e.g., affected versions, screenshots, logs).
|
|
|
|
3. **Secure Communication (Optional):**
|
|
If you wish to discuss the vulnerability securely, you can use our PGP key. You can obtain our PGP key by emailing us, and we will send it upon request.
|
|
|
|
## Disclosure Policy
|
|
|
|
- **Acknowledgement:**
|
|
We will acknowledge receipt of your report within 48 hours.
|
|
|
|
- **Resolution Timeline:**
|
|
We aim to fix confirmed vulnerabilities within 30 days. In cases where a delay is necessary, we will communicate updates to you directly.
|
|
|
|
- **Public Disclosure:**
|
|
After a fix is available, details of the vulnerability will be disclosed publicly in a way that does not compromise user security.
|
|
|
|
## Additional Information
|
|
|
|
We appreciate responsible disclosure of vulnerabilities and thank all researchers who help keep FileRise secure. For any questions related to this policy, please contact us at [admin@filerise.net](mailto:admin@filerise.net).
|