36 lines
1.5 KiB
Markdown
36 lines
1.5 KiB
Markdown
|
# Security Policy
|
||
|
|
|
||
|
|
## Supported Versions
|
||
|
|
|
||
|
|
We are currently supporting the following versions of jBase with security updates:
|
||
|
|
|
||
|
|
| Version | Supported | Notes |
|
||
|
|
| ------- | ------------------ | ----- |
|
||
|
|
| 2.x | :white_check_mark: | Current major version |
|
||
|
|
| 1.x | :x: | End of Life |
|
||
|
|
|
||
|
|
## Reporting a Vulnerability
|
||
|
|
|
||
|
|
We take the security of jBase seriously. If you believe you have found a security vulnerability in this framework, please report it to us as described below.
|
||
|
|
|
||
|
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
||
|
|
|
||
|
|
### How to Report
|
||
|
|
|
||
|
|
Please email the lead developer directly at: **[jbase@sven-minio.de]**
|
||
|
|
|
||
|
|
Please include the following details in your report:
|
||
|
|
* The version of jBase you are using.
|
||
|
|
* A description of the vulnerability.
|
||
|
|
* Steps to reproduce the issue (code snippets or a proof-of-concept are highly appreciated).
|
||
|
|
* Any potential impact you foresee.
|
||
|
|
|
||
|
|
### Our Response Policy
|
||
|
|
|
||
|
|
1. **Acknowledgment:** We will make every effort to acknowledge your report within 48 hours.
|
||
|
|
2. **Investigation:** We will investigate the issue and verify the vulnerability.
|
||
|
|
3. **Fix:** Once confirmed, we will work on a patch.
|
||
|
|
4. **Release:** We will release a new version (e.g., v2.0.3) containing the security fix.
|
||
|
|
5. **Disclosure:** After the fix is released and users have had time to update, we will publicly acknowledge your contribution (unless you wish to remain anonymous).
|
||
|
|
|
||
|
|
Thank you for helping keep jBase safe for everyone!
|