Security: opensfcc/sfcc-docs

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
5.1.x
5.0.x
4.0.x
< 4.0

Reporting a Vulnerability

If you have identified a security vulnerability in a system or product, please email [email protected] with your findings. We strongly recommend using our PGP key to prevent this information from falling into the wrong hands.

Disclosure Policy

Upon receipt of a security report the following steps will be taken:

  • Acknowledge your report within 48 hours, and provide a further, more detailed update within 48 hours.
  • Confirm the problem and determine the affected versions.
  • Keep you informed of the progress towards resolving the problem and notify you when the vulnerability has been fixed.
  • Audit code to find any potential similar problems.
  • Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
  • Handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.

Whilst the issue is under investigation

  • Do provide as much information as possible.
  • Do not exploit the vulnerability or problem you have discovered.
  • Do not reveal the problem to others until it has been resolved.

There aren’t any published security advisories