mirror of
https://github.com/Kaelio/ktx.git
synced 2026-06-07 07:55:13 +02:00
73ef0afc13
Documents the private reporting channel (GitHub Security Advisories with support@kaelio.com as fallback), what reporters should include, and the supported-version policy. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
31 lines
1 KiB
Markdown
31 lines
1 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a vulnerability
|
|
|
|
If you believe you've found a security vulnerability in KTX, please report it
|
|
**privately** through GitHub Security Advisories:
|
|
|
|
[Report a vulnerability](https://github.com/Kaelio/ktx/security/advisories/new)
|
|
|
|
If you cannot use GitHub Security Advisories, email `support@kaelio.com`
|
|
instead. Please do **not** open a public issue, post in the KTX Slack, or
|
|
share details elsewhere until we have published a fix.
|
|
|
|
When reporting, please include:
|
|
|
|
- A description of the issue and its impact
|
|
- Steps to reproduce
|
|
- The KTX version affected
|
|
|
|
## What to expect
|
|
|
|
- We will acknowledge your report within a few business days.
|
|
- We will work with you to verify the issue and develop a fix.
|
|
- We will credit you in the resulting advisory unless you prefer to remain
|
|
anonymous.
|
|
|
|
## Supported versions
|
|
|
|
We provide security fixes for the latest released version of
|
|
[`@kaelio/ktx`](https://www.npmjs.com/package/@kaelio/ktx). Older versions
|
|
may receive fixes at the maintainers' discretion.
|