# Security Policy

This document outlines our security policy for the codebase, and how to report vulnerabilities.

## Versions

| Version     | Branch         | Supported          | Website active   |
| ----------- | -------------- | ------------------ | ---------------- |
| production  | `prod-current` | :white_check_mark: | freecodecamp.org |
| beta        | `prod-staging` | :white_check_mark: | freecodecamp.dev |
| development | `main`         |                    |                  |

## Reporting a Vulnerability
If you think you have found a vulnerability, _please report responsibly_. Don't create GitHub issues for security issues. Instead, please send an email to `security@freecodecamp.org` and we'll look into it immediately.

We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users.

While we do not offer any bounties or swag at the moment, we'll be happy to list your name in our [Hall of Fame](https://contribute.freecodecamp.org/#/security-hall-of-fame) list, provided the reports are not low-effort. Examples of low-effort reports include using tools and online utilities to report SPF configurations, SSL server tests, etc. We consider those in the category of ["beg bounties"](https://www.troyhunt.com/beg-bounties/).

Ensure that you are using the **latest**, **stable** and **updated** version of the operating system and web browser available to you on your machine.