dda4736d33
* Create SECURITY.md * Format fix * Update SECURITY.md * Update SECURITY.md * Update SECURITY.md Co-authored-by: Paul D'Ambra <paul.dambra@gmail.com> * Update SECURITY.md mention the google group is private * Update SECURITY.md * Update SECURITY.md formatting --------- Co-authored-by: Yun Feng <yun.feng0817@gmail.com> Co-authored-by: Paul D'Ambra <paul.dambra@gmail.com> Co-authored-by: Eoghan Murray <eoghan@getthere.ie>
16 lines
804 B
Markdown
16 lines
804 B
Markdown
# Vulnerability Disclosure Policy
|
|
|
|
This document outlines rrweb's vulnerability disclosure policy.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please do not report security vulnerabilities through public GitHub issues.
|
|
Instead, please report them to our GitHub Security page. If you prefer to submit one without using GitHub, you can also email the
|
|
private Google Group rrweb-security@googlegroups.com, which will go to the core team members only. We commit to acknowledging
|
|
vulnerability reports and will work to fix active vulnerabilities as soon as we can (noting this is a community run project).
|
|
|
|
We will publish resolved vulnerabilities as security advisories on our GitHub security page.
|
|
|
|
We appreciate your help in making rrweb more secure for everyone.
|
|
Thank you for your support and responsible disclosure.
|