diff --git a/.vscode/settings.json b/.vscode/settings.json
index fd7656f7..99d1dcc4 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -52,6 +52,7 @@
 "package.json": "package-lock.json, yarn.lock, .eslintrc.js, tsconfig.json, .prettierrc, .editorconfig",
 "pyproject.toml": "poetry.lock, alembic.ini, .pylintrc, .flake8",
 "netlify.toml": "runtime.txt",
- "docker-compose.yml": "Dockerfile, .dockerignore, docker-compose.dev.yml, docker-compose.yml"
+ "docker-compose.yml": "Dockerfile, .dockerignore, docker-compose.dev.yml, docker-compose.yml",
+ "README.md": "LICENSE, SECURITY.md"
 }
 }
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..6b913632
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Since this software is still considered beta/WIP support is always only given for the latest version. Security patches are only available for the latest version and not back-ported to older versions.
+
+## Reporting a Vulnerability
+
+For general security vulnerabilities you're welcome to open a GitHub issues or contribute a fix. If you feel the vulnerability should not be disclosed you can open a generic issue on GitHub and email to the details to [ob92oy0sl@mozmail.com](mailto:ob92oy0sl@mozmail.com) which is monitored by the maintainer.