| layout | title | category | tags | order | ||||
|---|---|---|---|---|---|---|---|---|
developer-doc |
Security Policy |
summary |
|
2 |
This document outlines the security policy for all of the libraries in this repository.
If you believe that you have found a vulnerability in Enso or one of its libraries, please see the section on reporting a vulnerability below.
Security updates for these libraries are provided for the versions shown below with a ✅ next to them. No other versions have security updates provided.
| Version | Supported |
|---|---|
latest release |
✅ |
* |
❌ |
If you believe that you've found a security vulnerability in one of the libraries maintained in this repository, please contact [email protected] and provide details of the bug.
You can expect an update on a reported vulnerability within one business day, and the timeline works as follows:
- We analyse your report to determine the risk posed by the vulnerability, and our further steps forward. This may involve asking for more information.
- We will email the submitter with our verdict as to whether it is, or isn't a vulnerability, as well as the severity if it is.
- We plan and outline any steps necessary to fixing the bug, including the timeline for fixing the vulnerability within 90 days.
- We will communicate the planned fix with the person who submitted the vulnerability report.
- We will fix the bug and communicate with the submitter when the fix has
landed on
main, and when it has been backported to the above supported versions. - The submitted may then disclose the bug publicly.
All communication will take place via email with a member of our team.