Commit
Showing 1 changed file with 25 additions and 5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,12 +2,32 @@ | |
|
||
## Reporting a Vulnerability | ||
|
||
If you discover a security vulnerability within **SwaggerUI.Themes**, we appreciate your help in disclosing it to us in a responsible manner. | ||
We take the security of our repository seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. Please do not report security vulnerabilities using public GitHub issues. | ||
|
||
### Reporting Steps: | ||
To report a vulnerability, please use the [GitHub Private Vulnerability Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) feature. This feature ensures that your report is only visible to the repository maintainers and GitHub's security team. | ||
|
||
1. **DO NOT create an issue**: publicly disclosing a security vulnerability could put the project at risk. Please report it privately; | ||
### Steps to Report a Vulnerability | ||
|
||
2. **Contact the maintainer**: send an email to [@teociaps](mailto:[email protected]). Use the subject line: _"[SwaggerUI.Themes] Security Vulnerability"_; | ||
1. [Report the vulnerability here](https://github.com/teociaps/SwaggerUI.Themes/security/advisories/new) | ||
2. Fill in the details of the vulnerability. Please provide as much information as possible to help us understand and resolve the issue promptly. | ||
3. Submit the report. | ||
|
||
3. **Provide details**: in your email, provide detailed information about the vulnerability, including steps to reproduce it. | ||
Once we receive your report, we will: | ||
|
||
- Acknowledge the receipt of your vulnerability report within 48 hours. | ||
- Communicate with you to confirm the vulnerability and gather any necessary information. | ||
- Take the necessary steps to resolve the issue as quickly as possible, and inform you when the issue has been fixed. | ||
|
||
## Preferred Languages | ||
|
||
Please submit your vulnerability reports in English. | ||
|
||
## Timeline for Fixes | ||
|
||
We are committed to resolving security issues promptly and will make every effort to address them in a timely manner. However, the time frame for fixes may vary depending on the complexity and severity of the issue. | ||
|
||
## Scope | ||
|
||
The security policy applies to the code in this repository and any of its dependencies or related services. Please do not report vulnerabilities related to third-party services or libraries unless they are directly included in our repository. | ||
|
||
Thank you for helping to keep our project secure! |
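
Review bot: The new Scope section contradicts itself: its first sentence applies the policy to "any of its dependencies or related services", while the next asks reporters not to report third-party services or libraries "unless they are directly included in our repository". A reporter cannot tell from this whether a flaw in a dependency is in scope. Suggest stating scope as the code in this repository plus any third-party code included directly in it, and pointing everything else to the upstream project. Separately, the reporting steps now leave the `security/advisories/new` link as the only channel and drop the email contact; that link only works while private vulnerability reporting is enabled in the repository settings, so consider keeping a fallback contact for reporters who cannot use it. The "Timeline for Fixes" section also gives no target beyond the 48-hour acknowledgement, and nothing says when a reporter may disclose publicly; one sentence on coordinated disclosure would close that gap.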