Security: project-copacetic/copacetic

SECURITY.md

Security Policy

Supported Versions

Copacetic remains in the process of getting to a stable v1.0 release, and as such does not currently provide a long-term supported version. We make a good faith effort to respond to security issues in a timely manner and will release version updates as needed to address them. Users should expect to upgrade to the latest release version to stay current on security updates.

Communication

We will publish known vulnerabilities through a GitHub Security Advisory once they have been addressed to inform the community of their potential scope, impact, and mitigation.

Reporting Security Issues

Project Copacetic and its maintainers take the security of the project seriously, and we appreciate your efforts to responsibly disclose your findings to us.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them through our private vulnerability reporting form.

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

We believe in Coordinated Vulnerability Disclosure (CVD) and will work with you through the private advisory report.

Preferred Languages

We prefer all communications to be in English.
