You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This document outlines the security policy for the conjure_enum project. Here, we detail how to report vulnerabilities and how we handle them.
## Reporting a Vulnerability
If you discover a potential security vulnerability in conjure_enum, we encourage you to report it responsibly. Here's how:
-**Privately Contact Us:** Please file a [detailed report](https://github.com/fix8mt/conjure_enum/security/advisories/new).
-**Include Details:** In your email, please provide the following information (if applicable):
- A clear description of the vulnerability.
- Steps to reproduce the vulnerability (if possible).
- The potential impact of the vulnerability.
We appreciate your cooperation in keeping conjure_enum secure. We will work with you confidentially to address the vulnerability as quickly as possible.
## Disclosure Process
Once a vulnerability is confirmed, we will follow these steps:
-**Acknowledge Receipt:** We will acknowledge receipt of your report within 48 hours.
-**Work on a Fix:** We will prioritize fixing the vulnerability and aim to release a patch within a reasonable timeframe.
-**Notify Users (if necessary):** For critical vulnerabilities, we may publish a security advisory on the GitHub repository detailing the issue and mitigation steps.
