+38
SECURITY.md
1
+
# go-git Security Policy
2
+
3
+
The purpose of this security policy is to outline `go-git`'s process
4
+
for reporting, handling and disclosing security sensitive information.
5
+
6
+
## Supported Versions
7
+
8
+
The project follows a version support policy where only the latest minor
9
+
release is actively supported. Therefore, only issues that impact the latest
10
+
minor release will be fixed. Users are encouraged to upgrade to the latest
11
+
minor/patch release to benefit from the most up-to-date features, bug fixes,
12
+
and security enhancements.
13
+
14
+
The supported versions policy applies to both the `go-git` library and its
15
+
associated repositories within the `go-git` org.
16
+
17
+
## Reporting Security Issues
18
+
19
+
Please report any security vulnerabilities or potential weaknesses in `go-git`
20
+
privately via go-git-security@googlegroups.com. Do not publicly disclose the
21
+
details of the vulnerability until a fix has been implemented and released.
22
+
23
+
During the process the project maintainers will investigate the report, so please
24
+
provide detailed information, including steps to reproduce, affected versions, and any mitigations if known.
25
+
26
+
The project maintainers will acknowledge the receipt of the report and work with
27
+
the reporter to validate and address the issue.
28
+
29
+
Please note that `go-git` does not have any bounty programs, and therefore do
30
+
not provide financial compensation for disclosures.
31
+
32
+
## Security Disclosure Process
33
+
34
+
The project maintainers will make every effort to promptly address security issues.
35
+
36
+
Once a security vulnerability is fixed, a security advisory will be published to notify users and provide appropriate mitigation measures.
37
+
38
+
All `go-git` advisories can be found at https://github.com/go-git/go-git/security/advisories.
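Review bot: The "Reporting Security Issues" section has a subject/verb disagreement in "does not have any bounty programs, and therefore do not provide financial compensation"; since the subject is `go-git`, it should read "and therefore does not provide financial compensation for disclosures." A second, smaller point for the "Security Disclosure Process" section: "make every effort to promptly address" gives reporters no expectation of when the acknowledgement promised under "Reporting Security Issues" will arrive, so consider stating a target acknowledgement window (for example, "within N business days") and, since the Supported Versions section limits fixes to the latest minor release, reminding reporters to confirm the issue reproduces on that release before sending the report.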