Template note: replace every
ALL_CAPSplaceholder in this file before publishing or sharing the repository.
This document explains which versions of PROJECT_NAME receive security updates and how to report vulnerabilities privately.
Replace this table with the actual support policy for the repository. Do not claim support windows or release lines that the project does not actually maintain.
| Version | Supported |
|---|---|
REPLACE_ME_SUPPORTED_VERSION_1 |
Yes |
REPLACE_ME_SUPPORTED_VERSION_2 |
REPLACE_ME_YES_OR_NO |
REPLACE_ME_UNSUPPORTED_VERSION |
No |
If a table is not the right fit, replace it with a short policy statement such as:
REPLACE_ME_SUPPORTED_VERSION_POLICY
Report vulnerabilities privately through REPLACE_ME_PRIVATE_REPORTING_CHANNEL.
Do not use public GitHub issues, pull requests, discussions, chat channels, or other public forums for vulnerability reports.
When reporting a vulnerability, include as much of the following as possible:
- affected version, commit, or deployment identifier
- a description of the issue and the security impact
- steps to reproduce or a minimal proof of concept
- any relevant logs, screenshots, or traces
- any suggested mitigations or fixes, if available
Replace this section only if the project has a documented disclosure process. If not, remove this section rather than inventing timelines or response guarantees.
- Acknowledgement target:
REPLACE_ME_ACKNOWLEDGEMENT_POLICY - Fix or remediation target:
REPLACE_ME_REMEDIATION_POLICY - Advisory publication location:
REPLACE_ME_ADVISORY_LOCATION