Skip to content

Latest commit

 

History

History
29 lines (20 loc) · 1.75 KB

SECURITY.md

File metadata and controls

29 lines (20 loc) · 1.75 KB

Security Policy

Supported Versions

Version Supported
2.x.x
< 2.0.0

Reporting a Vulnerability

Please email reports about any security related issues you find to [email protected]. This mail is delivered to a small developer team. Your email will be acknowledged within one business day, and you'll receive a more detailed response to your email within 7 days indicating the next steps in handling your report.

Please use a descriptive subject line for your report email. After the initial reply to your report, our team will endeavor to keep you informed of the progress being made towards a fix and announcement.

In addition, please include the following information along with your report:

  • Your name and affiliation (if any).
  • A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings.
  • An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex.
  • Whether this vulnerability public or known to third parties. If it is, please provide details.
  • Whether we could mention your name in the changelogs.

Once an issue is reported we use the following disclosure process:

  • When a report is received, we confirm the issue and determine its severity.
  • If we know of specific third-party services or software based on logdata-anomaly-miner that require mitigation before publication, those projects will be notified.
  • Fixes are prepared for the last minor release of the latest major release.
  • Patch releases are published for all fixed released versions.