Skip to content

Latest commit

 

History

History
15 lines (8 loc) · 1.46 KB

SECURITY.md

File metadata and controls

15 lines (8 loc) · 1.46 KB

Security policy

This document defines how security vulnerability reporting is handled for this project. The approach aligns with the LF Decentralized Trust security policy. Please review that document to understand the basis of the security reporting for this project. Details specific to this repository are documented below.

Supported versions

The latest release version is supported with security updates. To address any security vulnerabilities found in previous releases, you should update to the latest release.

Reporting a vulnerability

Suspected security vulnerabilities in this project can be reported using the repository's security advisories page. Guidance can be found in the GitHub documentation on privately reporting a security vulnerability. The maintainers will work with you to confirm the vulnerability, deliver a fix, and then release a security bulletin.

Vulnerabilities in dependencies

Dependencies are regularly scanned for published security vulnerabilities, and these are addressed as soon as practical. In general it should not be necessary to report vulnerabilities in project dependencies.