mirror of https://github.com/zulip/zulip.git
docs: Create GitHub SECURITY.md file.
It seems worth participating in this GitHub standard.
This commit is contained in:
parent
42f2399155
commit
ab918c139b
|
@ -0,0 +1,28 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
Security announcements are sent to zulip-announce@googlegroups.com,
|
||||||
|
so you should subscribe if you are running Zulip in production.
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
We love responsible reports of (potential) security issues in Zulip,
|
||||||
|
whether in the latest release or our development branch.
|
||||||
|
|
||||||
|
Our security contact is security@zulip.com. Reporters should expect a
|
||||||
|
response within 24 hours.
|
||||||
|
|
||||||
|
Please include details on the issue and how you'd like to be credited
|
||||||
|
in our release notes when we publish the fix.
|
||||||
|
|
||||||
|
Our [security
|
||||||
|
model](https://zulip.readthedocs.io/en/latest/production/security-model.html)
|
||||||
|
document may be a helpful resource.
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
Zulip provides security support for the latest major release, in the
|
||||||
|
form of minor security/maintenance releases.
|
||||||
|
|
||||||
|
We work hard to make
|
||||||
|
[upgrades](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release)
|
||||||
|
reliable, so that there's no reason to run older major releases.
|
Loading…
Reference in New Issue