Use this section to tell people about which versions of your project are currently being supported with security updates.
Version | Supported |
---|---|
latest | ✅ |
< latest | ❌ |
If you discover a security vulnerability within this project, please report it by sending an email to security-eipm@med.cornell.edu. Do not create a GitHub issue for security vulnerabilities.
In your report, please include:
- A description of the vulnerability.
- Steps to reproduce the issue.
- Any relevant logs or screenshots.
After submitting a vulnerability report, you can expect:
- An acknowledgment of receipt of the report within 48 hours.
- A detailed plan for mitigating the vulnerability.
- Updates on the progress of the mitigation.
When a security vulnerability is reported, this project follows the following disclosure policy:
- The project maintainers will confirm the vulnerability and determine its severity.
- A security advisory will be opened on GitHub to discuss and fix the issue.
- Once a fix is implemented and tested, a new release will be published.
- The security advisory will be closed, and details about the vulnerability as well as the mitigation will be disclosed.
If you have suggestions on how this process could be improved, please submit a pull request.