ohmyzsh/SECURITY.md

23 lines
955 B
Markdown

# Security Policy
## Supported Versions
At the moment Oh My Zsh only considers the very latest commit to be supported.
We combine that with our fast response to incidents and the automated updates
to minimize the time between vulnerability publication and patch release.
| Version | Supported |
|:-------------- |:------------------ |
| master | :white_check_mark: |
| other commits | :x: |
In the near future we will introduce versioning, so expect this section to change.
## Reporting a Vulnerability
**Do not submit an issue or pull request**: this might reveal the vulnerability.
Instead, you should use the form to [privately report a vulnerability to us via GitHub](https://github.com/ohmyzsh/ohmyzsh/security/advisories/new)
or email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh).
We will deal with the vulnerability privately and submit a patch as soon as possible.