Upload SECURITY.md

2025-01-30 10:37:54 +08:00 · 2022-03-03 22:51:16 +01:00 · 2022-03-03 22:51:16 +01:00 · ca14a1e8d0
commit ca14a1e8d0
parent f0b0d21386
1 changed files with 41 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,41 @@
+# Security Policy
+
+## Supported Versions
+
+Currently due to the fast development only the latest version receives security updates.
+
+| Version  | Supported |
+| -------- | --------- |
+| 2.13.x   | ✔         |
+| < 2.13.0 | ❌         |
+
+## Reporting a Vulnerability
+
+Please report security issues or vulnerabilities as an encrypted email to *security[at]snappymail.eu*.
+Your report should be detailed enough with clear steps to reproduce and classify the found vulnerability.
+
+You can find the PGP public key here and on the major public keyservers like [pgp.key-server.io](https://pgp.key-server.io).
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYiE2QRYJKwYBBAHaRw8BAQdAqMrQUm6DddWcQNo0VEjNIu3Q6CfP3nokVv2Y
+rNQ1avq0LFNuYXBweU1haWwgU2VjdXJpdHkgPHNlY3VyaXR5QHNuYXBweW1haWwu
+ZXU+iJQEExYKADwWIQREXSZRJOYHJnHmTQcz+Gin416CdwUCYiE2QQIbAwULCQgH
+AgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQM/hop+NegnfSGgD9GEHpOrvWpBGY
+dYfvVd/+Lv5d+dFBcPyki9zu9zHfhwkBAL343EF6ZR0XwMlOQu9wu0hT9KBz4g55
+6D41i0PrEaoBuDgEYiE2QRIKKwYBBAGXVQEFAQEHQMMr9gcVcJ3aiup/tpl8ZXxy
+aJiJRGkPyNwGI5vxHMpZAwEIB4h4BBgWCgAgFiEERF0mUSTmByZx5k0HM/hop+Ne
+gncFAmIhNkECGwwACgkQM/hop+NegndVhgD/SVGSKbF4G2W024VpW2tm3zCT+ue+
+YMXQVq4SJt7UpWABAORudfJxsBqCRKtPlZMgGTJLjcOkyFJ9C2Fx7DeN0J4I
+=nSOi
+-----END PGP PUBLIC KEY BLOCK-----
+```
+
+Type: 255-bit EdDSA
+Fingerprint: 445D265124E6072671E64D0733F868A7E35E8277
+
+## Publishing and Credits
+
+I will analyze and fix the reported issue as fast as possible.
+Together with the reporter I plan the disclosure of the found and fixed vulnerability.
+Credits to the reporter are granted and can be included in all public communication if desired.