From 12349693cdef745fe40cd9cbadc7d68f75d58caf Mon Sep 17 00:00:00 2001 From: JackMacWindows Date: Fri, 16 Aug 2024 16:25:33 -0400 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..d1d7cc1 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Supported Versions + +There is only one branch for updates, so only the latest versions have security updates. + +## Reporting a Vulnerability + +If a bug is related to the following issues: +- Filesystem sandbox escape (outside of mounts) +- Process/library loading +- Arbitrary code execution +- Network rule bypass +- Any other form of reading host information (excluding LuaJIT) + +it is a security vulnerability, and should be reported as such. + +Use the Security tab to privately report a vulnerability. It will be reviewed, and if it's valid, a patch will be made available within a week (depending on the severity of the vulnerability).