docs: add Security Policy

This commit is contained in:
Marc Cornellà 2021-11-03 18:21:04 +01:00 committed by GitHub
parent 9a02515c7c
commit 0520c2e309
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

22
SECURITY.md Normal file
View file

@ -0,0 +1,22 @@
# Security Policy
## Supported Versions
At the moment Oh My Zsh only considers the very latest commit to be supported.
We combine that with our fast response to incidents, so risk is minimized.
| Version | Supported |
|:-------------- |:------------------ |
| master | :white_check_mark: |
| other commits | :x: |
In the near future we will introduce versioning, so expect this section to change.
## Reporting a Vulnerability
If you find a vulnerability, email all the maintainers directly at:
- Robby: robby [at] planetargon.com
- Marc: hello [at] mcornella.com
**Do not open an issue or Pull Request directly**, because it might reveal the vulnerability.