From 2de5f0ea0a97edfe83fb2cd05f6022431e43b2ce Mon Sep 17 00:00:00 2001 From: Yusuke Kato Date: Fri, 16 Feb 2024 10:08:04 +0900 Subject: [PATCH] Create SECURITY.md (#2367) * Create SECURITY.md Signed-off-by: Yusuke Kato * style: format code with Gofumpt and Prettier This commit fixes the style issues introduced in e8609b0 according to the output from Gofumpt and Prettier. Details: https://github.com/vdaas/vald/pull/2367 --------- Signed-off-by: Yusuke Kato Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com> --- SECURITY.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..06a7f9cc23 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,30 @@ +# Security Policy + +## Supported Versions + +We currently offer security updates for the following Vald versions: + +| Version | Supported | +| ------- | ------------------ | +| v1.7.x | :white_check_mark: | +| v1.6.x | :white_check_mark: | +| < v1.6 | :x: | + +## Reporting a Vulnerability + +At Vald, we prioritize software security. If you discover a security vulnerability, please report it to vald@vdaas.org. + +When reporting a vulnerability, please provide: + +- A clear and concise description of the vulnerability. +- Steps to reproduce the issue. +- Any relevant versions or configurations to aid in diagnosing the problem. +- Any potential solutions or mitigations you may know of. + +We will assess your report promptly and respond as soon as possible. Once we reply, we will keep you informed about the fix progress and a comprehensive announcement. We value your responsible disclosure and will recognize your contributions. + +## Security Update Policy + +Our goal is to address all reported security issues promptly. Upon confirming a security concern, we will promptly release patch updates for the two most recent Vald minor versions. We advise all users to apply security updates as soon as they become available. + +Thank you for contributing to the safety of Vald and its users.