Skip to content

Latest commit

 

History

History
26 lines (19 loc) · 985 Bytes

SECURITY.md

File metadata and controls

26 lines (19 loc) · 985 Bytes

Security Policy

Supported Versions

We generally support fixing security issues in all sensible releases. We may decide not to fix them in very old releases, though.

Reporting a Vulnerability

If you’ve found a security issue in one of our packages, please send us an email to development [at] orca.ch instead of using the normal bug reporting system or any other form of notification.

Once we receive a vulnerability report, we first confirm to the reporter that we simply received the report.

Next, for each report, we try to confirm the vulnerability. Once confirmed, we will do the following:

  • Acknowledge to the reporter that we’ve confirmed the issue, and are working on a fix. We ask the reporter to keep the issue confidential until we announce a solution.
  • Get a fix/patch or workaround/guidance prepared.
  • Release new versions of all affected versions, if applicable.
  • Prominently feature the problem in the release description, if applicable.