add security file (#3182)

Signed-off-by: RongGu <gurongwalker@gmail.com>
Rong Gu 2023-04-27 11:52:35 +08:00 committed by GitHub
parent d720130353
commit 045e8d2fba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 40 additions and 0 deletions

SECURITY.md Normal file

@ -0,0 +1,40 @@
# Security
## Supported Versions
Fluid currently commits to supporting the n-1 version minor version of the current major release;
as well as the last minor version of the previous major release.
Here's an overview:
| Version | Supported |
| ------- | ------------------- |
| 0.8.x | :white_check_mark: |
## Reporting a Vulnerability
We strive to ship secure software, but we need the community to help us find security breaches. In case of a confirmed breach, reporters will get full credit and can be keep in the loop, if preferred.
If you find a security related bug in Fluid, we kindly ask you for responsible disclosure and for giving us appropriate time to react, analyze and develop a fix to mitigate the found security vulnerability.
### Private Disclosure Processes
We ask that all suspected vulnerabilities be privately and responsibly disclosed by contacting our [security contact](SECURITY_CONTACTS.md) or [contacting our maintainers](mailto:fluid.opensource.project@gmail.com).
### Public Disclosure Processes
If you know of a publicly disclosed security vulnerability please IMMEDIATELY email the our [security contact](SECURITY_CONTACTS.md) or [contacting our maintainers](mailto:fluid.opensource.project@gmail.com) to inform about the vulnerability so they may start the patch, release, and communication process.
### Compensation
We do not provide compensations for reporting vulnerabilities except for eternal gratitude.
## Communication
[GitHub Security Advisor](https://github.com/fluid-cloudnative/fluid/security/advisories) will be used to communicate during the process of identifying, fixing & shipping the mitigation of the vulnerability.
The advisory will only be made public when the patched version is released to inform the community of the breach and its potential security impact.
Please report vulnerabilities by e-mail to the following address:
[security contact](SECURITY_CONTACTS.md) or [contacting our maintainers](mailto:fluid.opensource.project@gmail.com)
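Review bot: The Supported Versions table contradicts the policy stated directly above it. The prose promises support for the n-1 minor of the current major and the last minor of the previous major, yet the table has a single row, `| 0.8.x | :white_check_mark: |`, and never says which version lines are out of support. List each relevant version explicitly (supported lines with :white_check_mark:, unsupported ones with :x:) so a reporter can tell at a glance whether their release will receive a fix, and say who updates the table when a new minor ships. Two smaller points on the same hunk: the disclosure sections and the closing Communication paragraph all link to `SECURITY_CONTACTS.md`, which is not part of this one-file commit, so confirm that file exists at the repository root or the links will be dead; and the wording needs a pass ("can be keep in the loop" should read "can be kept in the loop", "email the our [security contact]" should read "email our [security contact]", "or [contacting our maintainers]" should read "or [contact our maintainers]", "GitHub Security Advisor" should read "GitHub Security Advisories", and "security breaches" should read "security vulnerabilities", since a breach is a compromise rather than a reported bug). The final "Please report vulnerabilities by e-mail to the following address:" lines repeat the contact links already given under Private Disclosure Processes and could be dropped, or the contacts consolidated under one heading.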