feat: udpate security policy docs (#5927)

2024-11-22 07:12:35 +03:00 · 2024-02-28 08:07:49 +00:00 · 2024-02-28 08:07:49 +00:00 · 82f21ac60b
commit 82f21ac60b
parent d7ff7a3d95
1 changed files with 29 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,29 @@
+# Security Policy
+
+## Supported Versions
+
+We recommend users to always use the latest major version. Security updates will be provided for the current major version until the next major version is released.
+
+| Version         | Supported          |
+| --------------- | ------------------ |
+| 0.12.x (stable) | :white_check_mark: |
+| < 0.12.x        | :x:                |
+
+## Reporting a Vulnerability
+
+We welcome you to provide us with bug reports via and email at [security@toeverything.info](mailto:security@toeverything.info). We expect your report to contain at least the following for us to evaluate and reproduce:
+
+1. Using platform and version, for example:
+
+   - macos arm64 0.12.0-canary-202402220729-0868ac6
+   - app.affine.pro 0.12.0-canary-202402220729-0868ac6
+
+2. A sets of video or screenshot containing the reproduce steps that proves you successfully exploited the vulnerability, preferably including the time and software version of the successful exploit.
+
+3. Your classification or analysis of the vulnerability (optional)
+
+Since we are an open source project, we also welcome you to provide corresponding fix PRs.
+
+We will provide bounties for vulnerabilities involving user information leakage, permission leakage, and unauthorized code execution. For other types of vulnerabilities, we will determine specific rewards based on the evaluation results.
+
+If the vulnerability is caused by a library we depend on, we encourage you to submit a security report to the corresponding dependent library at the same time to benefit more users.