The following versions of Zemit are currently supported with security updates.

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

The Zemit team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
If you believe you've found a security vulnerability in Zemit, please follow these steps:
- Do Not Publicly Disclose: Publicly disclosing a vulnerability can put the entire community at risk. Please email your findings to security@zemit.com.
- Provide Details: Include as much information as possible. The more information you provide, the easier it is for us to understand and resolve the issue. Details might include:
  - The type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  - Full paths of source file(s) related to the manifestation of the issue
  - The location of the affected source code (tag/branch/commit or direct URL)
  - Any special configuration required to reproduce the issue
  - Step-by-step instructions to reproduce the issue
  - Proof-of-concept or exploit code (if possible)
  - Impact of the issue, including how an attacker might exploit the issue
- Wait for Acknowledgement: We will acknowledge your email within 48 hours, and will send a more detailed response within an additional 48 hours indicating the next steps in handling your report.

After you’ve reported a vulnerability, the following will happen:
- We will confirm receipt of your report and start working on a fix.
- We will work with you to understand the issue and its impact.
- Once the issue is resolved, an update will be released.
- You will be publicly acknowledged for your efforts (if you desire).
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account when we acknowledge your contributions.
Thank you for helping us keep Zemit and its users safe.
The Zemit Security Team