This document outlines security procedures and general policies for the
lazy-cart project.
The lazy-cart team and community take all security bugs in
lazy-cart seriously. Thank you for improving the security of
lazy-cart. We appreciate your efforts and responsible disclosure and
will make every effort to acknowledge your contributions.
When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
- Confirm the problem and determine the affected versions.
- Audit code to find any potential similar problems.
- Prepare fixes for all releases still under maintenance. These fixes will be released as quickly as possible.
If you have suggestions on how this process could be improved please submit a pull request.