diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index 9cebaf3..0000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,145 +0,0 @@ - - - -# Contributor Covenant Code of Conduct - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, caste, color, religion, or sexual -identity and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -- Demonstrating empathy and kindness toward other people -- Being respectful of differing opinions, viewpoints, and experiences -- Giving and gracefully accepting constructive feedback -- Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -- Focusing on what is best not just for us as individuals, but for the overall - community - -Examples of unacceptable behavior include: - -- The use of sexualized language or imagery, and sexual attention or advances of - any kind -- Trolling, insulting or derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or email address, - without their explicit permission -- Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Open Source Community Support - -Ory Open source software is collaborative and based on contributions by -developers in the Ory community. There is no obligation from Ory to help with -individual problems. If Ory open source software is used in production in a -for-profit company or enterprise environment, we mandate a paid support contract -where Ory is obligated under their service level agreements (SLAs) to offer a -defined level of availability and responsibility. For more information about -paid support please contact us at sales@ory.sh. - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. - -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -[office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and -investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series of -actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or permanent -ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within the -community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.1, available at -[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. - -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder][mozilla coc]. - -For answers to common questions about this code of conduct, see the FAQ at -[https://www.contributor-covenant.org/faq][faq]. Translations are available at -[https://www.contributor-covenant.org/translations][translations]. - -[homepage]: https://www.contributor-covenant.org -[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html -[mozilla coc]: https://github.com/mozilla/diversity -[faq]: https://www.contributor-covenant.org/faq -[translations]: https://www.contributor-covenant.org/translations diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 030a8c2..0000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1,271 +0,0 @@ - - - -# Contribute to Ory client-js - - - - -- [Introduction](#introduction) -- [FAQ](#faq) -- [How can I contribute?](#how-can-i-contribute) -- [Communication](#communication) -- [Contribute examples](#contribute-examples) -- [Contribute code](#contribute-code) -- [Contribute documentation](#contribute-documentation) -- [Disclosing vulnerabilities](#disclosing-vulnerabilities) -- [Code style](#code-style) - - [Working with forks](#working-with-forks) -- [Conduct](#conduct) - - - -## Introduction - -_Please note_: We take Ory client-js's security and our users' trust very -seriously. If you believe you have found a security issue in Ory client-js, -please disclose it by contacting us at security@ory.sh. - -There are many ways in which you can contribute. The goal of this document is to -provide a high-level overview of how you can get involved in Ory. - -As a potential contributor, your changes and ideas are welcome at any hour of -the day or night, on weekdays, weekends, and holidays. Please do not ever -hesitate to ask a question or send a pull request. - -If you are unsure, just ask or submit the issue or pull request anyways. You -won't be yelled at for giving it your best effort. The worst that can happen is -that you'll be politely asked to change something. We appreciate any sort of -contributions and don't want a wall of rules to get in the way of that. - -That said, if you want to ensure that a pull request is likely to be merged, -talk to us! You can find out our thoughts and ensure that your contribution -won't clash with Ory -client-js's direction. A great way to -do this is via -[Ory client-js Discussions](https://github.com/orgs/ory/discussions) -or the [Ory Chat](https://www.ory.sh/chat). - -## FAQ - -- I am new to the community. Where can I find the - [Ory Community Code of Conduct?](https://github.com/ory/client-js/blob/master/CODE_OF_CONDUCT.md) - -- I have a question. Where can I get - [answers to questions regarding Ory client-js?](#communication) - -- I would like to contribute but I am not sure how. Are there - [easy ways to contribute?](#how-can-i-contribute) - [Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues) - -- I want to talk to other Ory client-js users. - [How can I become a part of the community?](#communication) - -- I would like to know what I am agreeing to when I contribute to Ory - client-js. - Does Ory have - [a Contributors License Agreement?](https://cla-assistant.io/ory/client-js) - -- I would like updates about new versions of Ory client-js. - [How are new releases announced?](https://www.ory.sh/l/sign-up-newsletter) - -## How can I contribute? - -If you want to start to contribute code right away, take a look at the -[list of good first issues](https://github.com/ory/client-js/labels/good%20first%20issue). - -There are many other ways you can contribute. Here are a few things you can do -to help out: - -- **Give us a star.** It may not seem like much, but it really makes a - difference. This is something that everyone can do to help out Ory client-js. - Github stars help the project gain visibility and stand out. - -- **Join the community.** Sometimes helping people can be as easy as listening - to their problems and offering a different perspective. Join our Slack, have a - look at discussions in the forum and take part in community events. More info - on this in [Communication](#communication). - -- **Answer discussions.** At all times, there are several unanswered discussions - on GitHub. You can see an - [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc). - If you think you know an answer or can provide some information that might - help, please share it! Bonus: You get GitHub achievements for answered - discussions. - -- **Help with open issues.** We have a lot of open issues for Ory client-js and - some of them may lack necessary information, some are duplicates of older - issues. You can help out by guiding people through the process of filling out - the issue template, asking for clarifying information or pointing them to - existing issues that match their description of the problem. - -- **Review documentation changes.** Most documentation just needs a review for - proper spelling and grammar. If you think a document can be improved in any - way, feel free to hit the `edit` button at the top of the page. More info on - contributing to the documentation [here](#contribute-documentation). - -- **Help with tests.** Pull requests may lack proper tests or test plans. These - are needed for the change to be implemented safely. - -## Communication - -We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask -questions, discuss bugs and feature requests, talk to other users of Ory, etc. - -Check out [Ory client-js Discussions](https://github.com/orgs/ory/discussions). This is a great place for -in-depth discussions and lots of code examples, logs and similar data. - -You can also join our community calls if you want to speak to the Ory team -directly or ask some questions. You can find more info and participate in -[Slack](https://www.ory.sh/chat) in the #community-call channel. - -If you want to receive regular notifications about updates to Ory client-js, -consider joining the mailing list. We will _only_ send you vital information on -the projects that you are interested in. - -Also, [follow us on Twitter](https://twitter.com/orycorp). - -## Contribute examples - -One of the most impactful ways to contribute is by adding examples. You can find -an overview of examples using Ory services on the -[documentation examples page](https://www.ory.sh/docs/examples). Source code for -examples can be found in most cases in the -[ory/examples](https://github.com/ory/examples) repository. - -_If you would like to contribute a new example, we would love to hear from you!_ - -Please [open an issue](https://github.com/ory/examples/issues/new/choose) to -describe your example before you start working on it. We would love to provide -guidance to make for a pleasant contribution experience. Go through this -checklist to contribute an example: - -1. Create a GitHub issue proposing a new example and make sure it's different - from an existing one. -1. Fork the repo and create a feature branch off of `master` so that changes do - not get mixed up. -1. Add a descriptive prefix to commits. This ensures a uniform commit history - and helps structure the changelog. Please refer to this - [Convential Commits configuration](https://github.com/ory/client-js/blob/master/.github/workflows/conventional_commits.yml) - for the list of accepted prefixes. You can read more about the Conventional - Commit specification - [at their site](https://www.conventionalcommits.org/en/v1.0.0/). -1. Create a `README.md` that explains how to use the example. (Use - [the README template](https://github.com/ory/examples/blob/master/_common/README.md)). -1. Open a pull request and maintainers will review and merge your example. - -## Contribute code - -Unless you are fixing a known bug, we **strongly** recommend discussing it with -the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat) -before getting started to ensure your work is consistent with Ory client-js's -roadmap and architecture. - -All contributions are made via pull requests. To make a pull request, you will -need a GitHub account; if you are unclear on this process, see GitHub's -documentation on [forking](https://help.github.com/articles/fork-a-repo) and -[pull requests](https://help.github.com/articles/using-pull-requests). Pull -requests should be targeted at the `master` branch. Before creating a pull -request, go through this checklist: - -1. Create a feature branch off of `master` so that changes do not get mixed up. -1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local - changes against the `master` branch. -1. Run the full project test suite with the `go test -tags sqlite ./...` (or - equivalent) command and confirm that it passes. -1. Run `make format` -1. Add a descriptive prefix to commits. This ensures a uniform commit history - and helps structure the changelog. Please refer to this - [Convential Commits configuration](https://github.com/ory/client-js/blob/master/.github/workflows/conventional_commits.yml) - for the list of accepted prefixes. You can read more about the Conventional - Commit specification - [at their site](https://www.conventionalcommits.org/en/v1.0.0/). - -If a pull request is not ready to be reviewed yet -[it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). - -Before your contributions can be reviewed you need to sign our -[Contributor License Agreement](https://cla-assistant.io/ory/client-js). - -This agreement defines the terms under which your code is contributed to Ory. -More specifically it declares that you have the right to, and actually do, grant -us the rights to use your contribution. You can see the Apache 2.0 license under -which our projects are published -[here](https://github.com/ory/meta/blob/master/LICENSE). - -When pull requests fail the automated testing stages (for example unit or E2E -tests), authors are expected to update their pull requests to address the -failures until the tests pass. - -Pull requests eligible for review - -1. follow the repository's code formatting conventions; -2. include tests that prove that the change works as intended and does not add - regressions; -3. document the changes in the code and/or the project's documentation; -4. pass the CI pipeline; -5. have signed our - [Contributor License Agreement](https://cla-assistant.io/ory/client-js); -6. include a proper git commit message following the - [Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/). - -If all of these items are checked, the pull request is ready to be reviewed and -you should change the status to "Ready for review" and -[request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review). - -Reviewers will approve the pull request once they are satisfied with the patch. - -## Contribute documentation - -Please provide documentation when changing, removing, or adding features. All -Ory Documentation resides in the -[Ory documentation repository](https://github.com/ory/docs/). For further -instructions please head over to the Ory Documentation -[README.md](https://github.com/ory/docs/blob/master/README.md). - -## Disclosing vulnerabilities - -Please disclose vulnerabilities exclusively to -[security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. - -## Code style - -Please run `make format` to format all source code following the Ory standard. - -### Working with forks - -```bash -# First you clone the original repository -git clone git@github.com:ory/ory/client-js.git - -# Next you add a git remote that is your fork: -git remote add fork git@github.com:/ory/client-js.git - -# Next you fetch the latest changes from origin for master: -git fetch origin -git checkout master -git pull --rebase - -# Next you create a new feature branch off of master: -git checkout my-feature-branch - -# Now you do your work and commit your changes: -git add -A -git commit -a -m "fix: this is the subject line" -m "This is the body line. Closes #123" - -# And the last step is pushing this to your fork -git push -u fork my-feature-branch -``` - -Now go to the project's GitHub Pull Request page and click "New pull request" - -## Conduct - -Whether you are a regular contributor or a newcomer, we care about making this -community a safe place for you and we've got your back. - -[Ory Community Code of Conduct](https://github.com/ory/client-js/blob/master/CODE_OF_CONDUCT.md) - -We welcome discussion about creating a welcoming, safe, and productive -environment for the community. If you have any questions, feedback, or concerns -[please let us know](https://www.ory.sh/chat). diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9..0000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 6104514..0000000 --- a/SECURITY.md +++ /dev/null @@ -1,56 +0,0 @@ - - - -# Ory Security Policy - -This policy outlines Ory's security commitments and practices for users across -different licensing and deployment models. - -To learn more about Ory's security service level agreements (SLAs) and -processes, please [contact us](https://www.ory.sh/contact/). - -## Ory Network Users - -- **Security SLA:** Ory addresses vulnerabilities in the Ory Network according - to the following guidelines: - - Critical: Typically addressed within 14 days. - - High: Typically addressed within 30 days. - - Medium: Typically addressed within 90 days. - - Low: Typically addressed within 180 days. - - Informational: Addressed as necessary. - These timelines are targets and may vary based on specific circumstances. -- **Release Schedule:** Updates are deployed to the Ory Network as - vulnerabilities are resolved. -- **Version Support:** The Ory Network always runs the latest version, ensuring - up-to-date security fixes. - -## Ory Enterprise License Customers - -- **Security SLA:** Ory addresses vulnerabilities based on their severity: - - Critical: Typically addressed within 14 days. - - High: Typically addressed within 30 days. - - Medium: Typically addressed within 90 days. - - Low: Typically addressed within 180 days. - - Informational: Addressed as necessary. - These timelines are targets and may vary based on specific circumstances. -- **Release Schedule:** Updates are made available as vulnerabilities are - resolved. Ory works closely with enterprise customers to ensure timely updates - that align with their operational needs. -- **Version Support:** Ory may provide security support for multiple versions, - depending on the terms of the enterprise agreement. - -## Apache 2.0 License Users - -- **Security SLA:** Ory does not provide a formal SLA for security issues under - the Apache 2.0 License. -- **Release Schedule:** Releases prioritize new functionality and include fixes - for known security vulnerabilities at the time of release. While major - releases typically occur one to two times per year, Ory does not guarantee a - fixed release schedule. -- **Version Support:** Security patches are only provided for the latest release - version. - -## Reporting a Vulnerability - -For details on how to report security vulnerabilities, visit our -[security policy documentation](https://www.ory.sh/docs/ecosystem/security).