Merge pull request #1365 from urfave/security-policy-doc

Add a security policy document
This commit is contained in:
Dan Buch 2022-05-22 09:53:13 -04:00 committed by GitHub
commit 939ab7f9e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 5 deletions

View File

@ -55,11 +55,12 @@ further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting Dan Buch at dan@meatballhat.com. All complaints will be
reviewed and investigated and will result in a response that is deemed necessary
and appropriate to the circumstances. The project team is obligated to maintain
confidentiality with regard to the reporter of an incident. Further details of
specific enforcement policies may be posted separately.
reported by contacting urfave-governance@googlegroups.com, a members-only group
that is world-postable. All complaints will be reviewed and investigated and
will result in a response that is deemed necessary and appropriate to the
circumstances. The project team is obligated to maintain confidentiality with
regard to the reporter of an incident. Further details of specific enforcement
policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other

27
docs/SECURITY.md Normal file
View File

@ -0,0 +1,27 @@
# Security Policy
Hello and thank you for your interest in the `urfave/cli` security
policy! :tada: :lock:
## Supported Versions
| Version | Supported |
| ------------ | ------------------------------------- |
| `>= v2.3.x` | :white_check_mark: |
| `< v2.3` | :x: |
| `>= v1.22.x` | :white_check_mark: :lady_beetle: [^1] |
| `< v1.22` | :x: |
## Reporting a Vulnerability
Please disclose any vulnerabilities by sending an email to:
[urfave-security@googlegroups.com](mailto:urfave-security@googlegroups.com)
You should expect a response within 48 hours and further
communications to be decided via email. The `urfave/cli` maintainer
team comprises volunteers who contribute when possible, so please
have patience :bow:
[^1]: The `v1.22.x` series will receive bug fixes and security
patches only.