2019-07-13 20:22:20 +03:00
|
|
|
|
# Security Policy
|
|
|
|
|
|
|
|
|
|
|
|
## Supported Versions
|
|
|
|
|
|
|
|
|
|
|
|
| Version | Supported |
|
|
|
|
|
|
| ------- | ------------------ |
|
2019-07-13 22:55:25 +03:00
|
|
|
|
| > 1.0 | :white_check_mark: |
|
|
|
|
|
|
| < 1.0 | :x: |
|
2019-07-13 20:22:20 +03:00
|
|
|
|
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
|
|
|
|
|
|
|
|
If you have found a potential security threat, vulnerability or exploit in Quasar
|
|
|
|
|
|
or one of its upstream dependencies, please DON’T create a pull-request, DON’T
|
|
|
|
|
|
file an issue on GitHub, DON’T mention it on Discord and DON’T create a forum thread.
|
|
|
|
|
|
|
2019-07-13 22:55:25 +03:00
|
|
|
|
DO reach out to the team by sending an email to **security@quasar.dev** - we
|
2019-07-13 20:22:20 +03:00
|
|
|
|
will investigate and work with you to triage this issue and help you to report it
|
2019-07-13 22:55:25 +03:00
|
|
|
|
if appropriate.
|
|
|
|
|
|
|
|
|
|
|
|
If you like, you may use PGP to encrypt your messages, as the public key has been published at the pgp.mit.edu keyserver.
|
|
|
|
|
|
|
|
|
|
|
|
At the current time we do not have the financial ability to reward bounties, but in extreme cases will at our discretion consider a reward.
|
2019-07-13 20:22:20 +03:00
|
|
|
|
|
|
|
|
|
|
## Security Audit
|
|
|
|
|
|
|
|
|
|
|
|
You can apply to book the Quasar team’s security experts to perform a Security Audit
|
|
|
|
|
|
for your project. Contact us to find out more about how to acquire, validate and publish
|
|
|
|
|
|
an official timestamped and version-locked audit badge.
|
|
|
|
|
|
|
2019-07-13 22:55:25 +03:00
|
|
|
|
`security@quasar.dev`
|
2019-07-13 20:22:20 +03:00
|
|
|
|
|
|
|
|
|
|
## Security Documentation
|
|
|
|
|
|
|
|
|
|
|
|
https://quasar.dev/security/
|
