This document outlines security procedures and general policies for the dsh-sdk-platform-rs project.
The following versions of this project are currently being supported with security updates.
| Version | Supported |
|---|---|
| 0.4.x | ✅ |
| 0.3.x | ❌ |
| 0.2.x | ❌ |
| 0.1.x | ❌ |
If you have found a vulnerability or bug, you can report it to unibox@kpn.com.
When reporting a vulnerability, please include the following information:
- Description of the vulnerability
- Steps to reproduce (if applicable)
- Affected versions
- Potential impact of the vulnerability
- Any additional information of context
When a vulnerability is reported, the following process will be followed:
- The vulnerability will be evaluated by the maintainers and aknowledged within 3 business days
- The maintainers will determine the severity of the vulnerability and the impact on the project
- The maintainers will update the issue with the above information
- The maintainers will create a fix for the vulnerability
- The maintainers will release a new version with the fix and post a security advisory on the GitHub repo with the following information:
- Description of the vulnerability
- Affected versions
- Fixed versions
- Severity of the vulnerability
- Potential impact of the vulnerability
- Any additional information of context
We appreciate contributions to our security and, where appropriate, will offer credit in release notes.