Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a security policy document #1365

Merged
merged 7 commits into from May 22, 2022
Merged

Add a security policy document #1365

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f1d0b0e
Add a security policy document
meatballhat Apr 22, 2022
de39f01
Merge remote-tracking branch 'origin/main' into security-policy-doc
meatballhat Apr 22, 2022
849e7f0
Merge branch 'main' into security-policy-doc
meatballhat Apr 22, 2022
b42bf69
Add note about looming EOL of `v1`
meatballhat Apr 26, 2022
1bef031
Footnote update per feedback in #1365
meatballhat Apr 26, 2022
31d6090
Merge remote-tracking branch 'origin/main' into security-policy-doc
meatballhat May 7, 2022
32be625
Use google group email addresses
meatballhat May 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
11 changes: 6 additions & 5 deletions CODE_OF_CONDUCT.md
View file
Open in desktop
Expand Up @@ -55,11 +55,12 @@ further defined and clarified by project maintainers.
## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting Dan Buch at dan@meatballhat.com. All complaints will be
reviewed and investigated and will result in a response that is deemed necessary
and appropriate to the circumstances. The project team is obligated to maintain
confidentiality with regard to the reporter of an incident. Further details of
specific enforcement policies may be posted separately.
reported by contacting urfave-governance@googlegroups.com, a members-only group
that is world-postable. All complaints will be reviewed and investigated and
will result in a response that is deemed necessary and appropriate to the
circumstances. The project team is obligated to maintain confidentiality with
regard to the reporter of an incident. Further details of specific enforcement
policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
Expand Down
27 changes: 27 additions & 0 deletions docs/SECURITY.md
View file
Open in desktop
@@ -0,0 +1,27 @@
# Security Policy

Hello and thank you for your interest in the `urfave/cli` security
policy! :tada: :lock:

## Supported Versions

| Version | Supported |
| ------------ | ------------------------------------- |
| `>= v2.3.x` | :white_check_mark: |
| `< v2.3` | :x: |
| `>= v1.22.x` | :white_check_mark: :lady_beetle: [^1] |
| `< v1.22` | :x: |

## Reporting a Vulnerability

Please disclose any vulnerabilities by sending an email to:

[urfave-security@googlegroups.com](mailto:urfave-security@googlegroups.com)

You should expect a response within 48 hours and further
communications to be decided via email. The `urfave/cli` maintainer
team comprises volunteers who contribute when possible, so please
have patience :bow:

[^1]: The `v1.22.x` series will receive bug fixes and security
patches only.