Skip to content
This repository has been archived by the owner on Sep 24, 2022. It is now read-only.
/ leap-day Public archive
forked from pages-themes/leap-day

Security: ParadoxV5/leap-day

Security

SECURITY.md

Per coördinated vulnerability disclosure:

  • A security vulnerability should be publicized for awareness, yes, but only after the contributors have released patches. This way, the contributors get a headstart rather than malicious abusers.

    • Reporters should not file security vulnerabilities as Issues or send their patches via Pull Requests, as these listings are publicly visible for public repositories. Instead, contact the maintainer(s) privately, such as via e-mail or Discord.
  • To minimize the time users (and developers too) are left unaware of the penetration attempts in the wild, the maintainer(s) should publish fixes for loopholes as new versions as soon as possible (ASAP), for every maintained major/minor versions and ahead of a regular milestone.

There aren’t any published security advisories