|
1 | 1 | # Security Policy |
2 | 2 |
|
3 | | -## Reporting a vulnerability |
| 3 | +## Supported Versions |
4 | 4 |
|
5 | | -Please do not file public GitHub issues for security-sensitive reports. |
| 5 | +Security fixes are prioritized for the latest stable release line. |
| 6 | +Older versions may receive fixes on a best-effort basis. |
6 | 7 |
|
7 | | -Instead, report vulnerabilities privately using one of the following channels: |
8 | 8 |
|
9 | | -- GitHub Security Advisories: https://github.com/hauntedmc/mcserver/security/advisories/new |
10 | | -- Support form: https://hauntedmc.nl/support |
11 | | -- Email: contact@remyduijsens.com |
| 9 | +## Reporting a Vulnerability |
12 | 10 |
|
13 | | -When reporting, please include: |
| 11 | +Please do not open public issues for security vulnerabilities. |
14 | 12 |
|
15 | | -- a description of the issue; |
16 | | -- the affected version or tag; |
17 | | -- reproduction steps or proof of concept, if available; and |
18 | | -- any suggested remediation or mitigation. |
| 13 | +Use one of the following private channels: |
| 14 | + |
| 15 | +- GitHub Security Advisory: `Security` tab in this repository |
| 16 | +- HauntedMC support: https://www.hauntedmc.nl/support |
| 17 | + |
| 18 | +Include: |
| 19 | + |
| 20 | +- Affected version(s) |
| 21 | +- Reproduction steps / proof of concept |
| 22 | +- Impact assessment |
| 23 | +- Any proposed mitigation |
| 24 | + |
| 25 | + |
| 26 | +## What to Expect |
| 27 | + |
| 28 | +- We acknowledge reports as quickly as practical. |
| 29 | +- We validate impact, prioritize by severity, and prepare a fix. |
| 30 | +- We coordinate disclosure after a fix or mitigation is available. |
| 31 | + |
| 32 | + |
| 33 | +## Disclosure |
| 34 | + |
| 35 | +Please allow maintainers time to validate and patch before public disclosure. |
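Review bot: The new "Reporting a Vulnerability" list (new lines 15-16) removes the email channel and replaces the direct advisory URL with "`Security` tab in this repository". That leaves reporters without a GitHub account only the support form, and the commit does not say whether that form is private or monitored for security reports. Consider keeping the direct `/security/advisories/new` link and either retaining an email contact or stating that the support form is handled confidentially. The "Include" list also drops the old "a description of the issue" item, which is worth restoring. In "What to Expect" and "Disclosure" (new lines 28 and 35), "as quickly as practical" and "allow maintainers time" give a reporter no bound to plan around, so a target acknowledgement time and a default disclosure window would help. "Supported Versions" (new line 5) would be clearer if it named the current stable release line. Style: the doubled blank lines at new lines 24-25 and 31-32 can be collapsed to one.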