Updated the security policy to include a section on reporting vulnerabilities and guidelines for responsible disclosure.
Security Policy
Reporting a Vulnerability
The WeKnora team takes security vulnerabilities seriously.
We appreciate your efforts to responsibly disclose any security issues you discover.
⚠️ Please do NOT report security vulnerabilities through public GitHub issues.
Preferred reporting method
We recommend reporting security vulnerabilities using GitHub’s private vulnerability reporting feature:
- Go to the Security tab of this repository
- Click “Report a vulnerability”
- Fill in the details and submit the report
This allows us to discuss, investigate, and fix the issue privately.
Alternative contact
If you are unable to use GitHub’s Security Advisory feature, you may contact the maintainers through the repository owners.
Please avoid sharing sensitive information publicly.
What to include in your report
To help us understand and resolve the issue quickly, please include:
- A clear description of the vulnerability
- Steps to reproduce (proof-of-concept if available)
- The affected version(s)
- Potential impact and severity
- Any suggested mitigations or fixes (if known)
Response timeline
We aim to:
- Acknowledge receipt of your report within 48 hours
- Provide a status update as the investigation progresses
Coordinated disclosure
We kindly ask reporters to follow responsible disclosure practices and allow us reasonable time to address the issue before any public disclosure.
Thank you for helping keep WeKnora and its users secure.