Security: philiporlando/fgdb_to_gpkg

SECURITY.md

Security Policy

Supported Versions

Version Supported
v0.1.11
v0.1.10
v0.1.9
v0.1.8
v0.1.7
v0.1.6
< v0.1.5

Reporting a Vulnerability

We take the security of our Python package very seriously. If you believe you've found a security vulnerability in our package, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

Guidelines for Reporting Vulnerabilities:

  1. Private Disclosure: Please do not disclose the vulnerability publicly. Give us a reasonable amount of time to address the issue before sharing it with others.

  2. Provide Detailed Information:

    • Type of Vulnerability: Describe the nature of the vulnerability.
    • Steps to Reproduce: Provide a step-by-step guide so that we can reproduce the issue on our end. This will help us resolve the problem more efficiently.
    • Version Affected: Mention the version(s) of the package where you noticed the vulnerability.
    • Potential Impact: If possible, let us know your thoughts on the potential impact of the vulnerability.

  3. Use a Descriptive Subject Line: When sending an email or creating an issue, use a subject that describes the vulnerability, such as "Cross-site Scripting (XSS) Vulnerability in [Function/Feature Name]" or "Buffer Overflow in [Function/Feature Name]."

  4. Avoid Data Destruction: If the vulnerability involves any kind of data deletion or corruption, please refrain from executing it on live platforms.

How to Report:

You can report vulnerabilities by:

  • GitHub Issue: Create a new issue on our GitHub repository (if it's a private repository or if you think the disclosure can be made in this manner).

Upon receiving your report:

  • We will acknowledge receipt of your vulnerability report within 48 hours.
  • We'll work to confirm the vulnerability and keep you updated on our progress.
  • Once the issue is resolved, we'll notify you and provide details of the resolution.

Responsible Disclosure Policy:

We kindly ask that you:

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.
  • Do not use the vulnerability to access, delete, alter, or otherwise harm data.
  • Do not reveal the vulnerability to others until it has been resolved.

We are committed to addressing all security issues in a timely manner and appreciate your effort in responsibly disclosing them to us.

There aren’t any published security advisories