Skip to content

Security: Valentin-Kaiser/go-dbase

SECURITY.md

Security Policy

Supported Versions

I am dedicated to ensure the security of go-dbase. To achieve this, I follow the Semantic Versioning (SemVer) scheme, where revisions are in the format "major.minor.patch". I will release patches for any security vulnerabilities that are discovered in the latest major or minor release.

Version Supported
5.1.x
5.0.x
4.0.x
< 4.0

Reporting a Vulnerability

I take the security of this project very seriously. If you discover a security vulnerability, I appreciate your responsible disclosure. To report a vulnerability, please follow these steps:

  1. Email: Send an email to [email protected] with all the details regarding the vulnerability.
  2. Subject: Use "[go-dbase Vulnerability Report]" as the subject line to help me prioritize and identify your report.
  3. Vulnerability Details: Please provide a clear and detailed description of the vulnerability, along with the potential impact it may have.
  4. Reproducibility: If possible, include step-by-step instructions to reproduce the vulnerability.
  5. Versions Affected: Specify which versions of the project are affected by the vulnerability.
  6. Your Contact: Include your name, email address, and any other contact information you wish to share.

Response and Resolution

Once I receive the vulnerability report, I will acknowledge its receipt within 72 hours. I will conduct an initial review to validate the vulnerability and determine its severity.

If the vulnerability is accepted:

  • Fixing Process: I will prioritize developing a patch for the vulnerability.
  • Release Timeline: The patch will be included in the next available release within a reasonable timeframe. Please note that the release cycle might vary, but I will prioritize security fixes.
  • Credit: If you desire, I will acknowledge your contribution and give you credit for responsibly reporting the vulnerability.

If the vulnerability is declined:

  • Reasoning: I will provide a reason for the rejection and explain why the reported issue does not qualify as a security vulnerability.

Security Updates

To ensure the security of go-dbase, it is crucial that all users update to the latest supported version promptly. Users of older versions that are no longer supported are strongly recommended to upgrade to a supported version to stay protected against potential security threats.

Thank you for helping me make go-dbase more secure. Your cooperation and responsible disclosure are essential to maintaining the integrity and trustworthiness of this project.

Please note that this security policy is subject to change over time, so it is advisable to check this document periodically for any updates.

Last Updated: August 1, 2023.

There aren’t any published security advisories