Skip to content

Security: chains-project/ghasum

SECURITY.md

Security Policy

The maintainers of the ghasum project take security issues seriously. We appreciate your efforts to responsibly disclose your findings. Due to the non-funded and open-source nature of the project, we take a best-efforts approach when it comes to engaging with security reports.

This document should be considered expired after 2024-12-31. If you are reading this after that date, try to find an up-to-date version in the official source repository.

Supported Versions

Only the latest release of the project is supported with security updates.

Reporting a Vulnerability

To report a security issue in the latest release or development head, either:

Please do not open a regular issue or Pull Request in the public repository.

To report a security issue in an older version - i.e. the latest release isn't affected - please report it publicly. For example, as a regular issue in the public repository. If in doubt, report the issue privately.

What to Include in a Report

Try to include as many of the following items as possible in a security report:

  • An explanation of the problem
  • A proof of concept exploit
  • A suggested severity
  • Relevant CWE identifiers
  • The latest affected version
  • The earliest affected version
  • A suggested patch
  • An automated regression test

Advisories

ID Date Affected version(s) Patched version(s)
- - - -

Acknowledgments

We would like to publicly thank the following reporters:

  • None yet

There aren’t any published security advisories