mirror of
https://github.com/fabriziosalmi/caddy-waf.git
synced 2025-12-23 22:27:46 -05:00
39 lines
1.2 KiB
Markdown
# Security Policy

## Supported Versions

| Version | Supported |
| ------- | ------------------ |
| v0.1.x | :white_check_mark: |
| < 0.1.0 | :x: |

## Reporting a Vulnerability

We take the security of `caddy-waf` seriously. If you find a vulnerability, please report it!

### How to Report

Please do **NOT** open a public issue on GitHub. Instead, report the vulnerability via:

1. **Email**: Send the details to the maintainer (fabrizio.salmi@gmail.com).
2. **GitHub Private Advisory**: Open a private advisory draft on this repository if you have permissions, or contact the maintainer to enable it.

### Required Information

When reporting a vulnerability, please include:

- A description of the vulnerability.
- Steps to reproduce the issue (PoC code is helpful).
- Impact of the vulnerability.
- Affected versions.

### Response Timeline

- We will acknowledge your report within 48 hours.
- We will provide an estimated timeline for the fix within 1 week.
- We will release a patch as soon as possible.

### Credit

We will credit you in the release notes and changelog for responsibly disclosing vulnerabilities, unless you prefer to remain anonymous.