DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-11 13:57:41 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Create SECURITY.md

Browse source
This commit is contained in:
snipe 2021-04-20 22:15:41 -07:00 committed by GitHub
parent b037d0efdd
commit 1886841ec5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
SECURITY.md Normal file
View file

@ -0,0 +1,27 @@
# Security Policy
We take security issues very seriously, and will always attempt to address any
vulnerabilities as quickly as possible.
## Supported Versions
We try to make a reasonable effort to support older versions of Snipe-IT,
however there are times when library dependencies and/or PHP/MySQL dependencies
make it impossible to backport security fixes on older versions.
| Version | Supported |
| ------- | ------------------ |
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
## Reporting a Vulnerability
Security vulnerabilities should be sent to security@snipeitapp.com. You can typically expect a
response within two business days, and we typically have fixes out in under a week from the initial disclosure.
This obviously varies based on the severity of the security issue and the difficulty in remediation,
but those have historically been the timelines we worm around.
For a full breakdown of our security policies, please see https://snipeitapp.com/security.