2022-10-29 10:04:03 +00:00
# Security Policy
## Supported Versions
| Version | Support security updates |
| ------- | ------------------------ |
2024-06-23 08:50:35 +00:00
| 4.x | :white_check_mark: |
| < 4.0 | :x: |
2022-10-29 10:04:03 +00:00
## Reporting a Vulnerability
If there are any vulnerabilities in {{cookiecutter.project_name}}, don't hesitate to report them.
2022-11-13 08:51:05 +00:00
1. Describe the vulnerability.
2022-10-29 10:04:03 +00:00
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue
2022-11-13 08:51:05 +00:00
2. If you have a fix, that is most welcome -- please attach or summarize it in your message!
2022-10-29 10:04:03 +00:00
2022-11-13 08:51:05 +00:00
3. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.
2022-10-29 10:04:03 +00:00
2022-11-13 08:51:05 +00:00
4. Please do not disclose the vulnerability publicly until a fix is released!
2022-10-29 10:04:03 +00:00
Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.
