Navy.gif/owncast
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add SECURITY.md document. Closes #1790

Browse Source
This commit is contained in:
Gabe Kangas 2022-03-19 11:51:45 -07:00
parent 496eee295c
commit 5d360bcdd5
No known key found for this signature in database
GPG Key ID: 9A56337728BC81EA
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
doc/SECURITY.md Normal file
View File

@ -0,0 +1,19 @@
# Security Policy
Owncast appreciates efforts to improve the security of the software
and follow the [GitHub coordinated disclosure of security vulnerabilities](https://docs.github.com/en/code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github)
for responsible disclosure and prompt mitigation.
## Supported Versions
The latest version of Owncast is seen as the supported version. As a small project we are unable to support previous versions and urge users of the software to stay up to date.
## Reporting a Vulnerability
To report a security issue with Owncast, [open an issue](https://github.com/owncast/owncast/issues/new
) on the Owncast GitHub repository and *do not* mention vulnerability details in the issue. If you have a preferred next step on where to discuss the details of the disclosure, please mention that in the issue if it's appropriate for those details to be public.
You may optionally [email Gabe](mailto:gabek@real-ity.com) to alert him directly and provide specifics on how you wish to disclose the details of the issue.
Owncast may open a draft [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory)
to discuss the vulnerability details in private if it is warranted.