-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
44 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| # Security Policy | ||
|
|
||
| ## Supported Versions | ||
|
|
||
| The following versions of `xlwings-server` are actively maintained and supported with security patches: | ||
|
|
||
| | Version | Supported | | ||
| | ------------ | ------------------ | | ||
| | latest | ✅ | | ||
| | older | ❌ | | ||
|
|
||
| If you are using an unsupported version, we recommend upgrading to a supported release to receive security updates. | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| If you believe you have found a security vulnerability in `xlwings-server`, we appreciate your efforts to responsibly disclose the details. To report a vulnerability: | ||
|
|
||
| 1. **Do not open an issue:** Please avoid publicly disclosing security-related information by opening a GitHub issue. This helps us prevent potential malicious exploitation. | ||
|
|
||
| 2. **Contact our security team:** Send a detailed report of the vulnerability to our security team via [[email protected]](mailto:[email protected]). | ||
|
|
||
| 3. **Include the following in your report:** | ||
| - Description of the vulnerability | ||
| - Steps to reproduce the issue | ||
| - Any affected versions or configurations | ||
| - Relevant logs, output, or screenshots (if available) | ||
| - Your recommended fix or solution, if applicable | ||
|
|
||
| We will confirm receipt of your report within 48 hours and begin investigating the issue. While we aim to resolve vulnerabilities as swiftly as possible, resolution timelines may vary based on severity and complexity. | ||
|
|
||
| ## Handling Vulnerabilities | ||
|
|
||
| We are committed to keeping `xlwings-server` secure. Upon confirming a vulnerability, our process is as follows: | ||
|
|
||
| 1. **Triage and Prioritization:** We assess and prioritize based on severity, impact, and affected components. | ||
| 2. **Patch Development:** A fix is developed in private, tested, and prepared for release. | ||
| 3. **Release of Patch and Advisory:** We issue a security patch and an advisory explaining the vulnerability and its resolution. | ||
|
|
||
| ## Receiving Security Updates | ||
|
|
||
| To receive notifications about security updates and patches: | ||
|
|
||
| - **Watch the repository:** Enable watching for security updates on this repository’s settings. | ||
| - **Check for advisories:** We publish security advisories via the GitHub Security Advisories feature. |