# Security Policy — ${REPO_NAME}

## Reporting a Vulnerability

**Do NOT open a public issue for security vulnerabilities.**

Instead, please report vulnerabilities privately:

1. Email: **security@hiddenden.cafe** (preferred)
2. Or use the Gitea "Security" issue template, which reminds reporters to use private channels.

Include:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

We aim to acknowledge reports within **48 hours** and provide a fix or mitigation plan
within **7 days** for critical issues.

## Supported Versions

| Version | Supported |
| ------- | --------- |
| latest  | Yes       |

## Security Scanning

This repository optionally runs automated security scanning via Gitea Actions.
To enable it, set `ENABLE_SECURITY=true` in `.ci/config.env`.
See [docs/SECURITY.md](docs/SECURITY.md) for details.