mirror of https://github.com/itflow-org/itflow
25 lines
1.5 KiB
Markdown
25 lines
1.5 KiB
Markdown
# Security Policy
|
|
|
|
## **Please do NOT report security concerns/vulnerabilities publicly (Issues/forum)**
|
|
|
|
**We take security seriously**
|
|
|
|
- Whilst we are confident in the safety of the code, no system is risk-free. Nearly all software has bugs. Use your best judgement before storing highly confidential information in ITFlow.
|
|
- We attempt to follow security best practices where possible, including [automated code scanning](https://sonarcloud.io/component_measures?id=itflow-org_itflow&metric=security_rating&view=list).
|
|
- [](https://sonarcloud.io/summary/new_code?id=itflow-org_itflow)
|
|
|
|
## Supported Versions
|
|
We operate a rolling release model. Any bug fixes will be released into latest version of ITFlow, so you must stay up-to-date.
|
|
|
|
| Version | Supported |
|
|
|---------| ------------------ |
|
|
| 25.05 | :white_check_mark: |
|
|
|
|
## Reporting a Vulnerability via GitHub Security Advisories
|
|
|
|
**Security contact: [GitHub Security Advisories](https://github.com/itflow-org/itflow/security/advisories/new)**
|
|
|
|
If you have discovered a security issue, please **[report it](https://github.com/itflow-org/itflow/security/advisories/new)** to us in as much detail as possible, so we can fix it.
|
|
|
|
You should expect to receive an initial acknowledgement within 72 hours. If you don't receive any feedback, we may have missed the initial email from GitHub (we're human!). Please raise a forum discussion quoting ONLY the assigned GHSA ref.
|