forked from springcute/rt-thread
Update SECURITY.md
This commit is contained in:
parent
613e5a3e51
commit
74719aafc8
|
@ -2,20 +2,33 @@
|
|||
|
||||
## Supported Versions
|
||||
|
||||
Use this section to tell people about which versions of your project are
|
||||
currently being supported with security updates.
|
||||
The RT-Thread project supports the following versions with security updates:
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 5.1.x | :white_check_mark: |
|
||||
| 5.0.x | :x: |
|
||||
| 4.0.x | :white_check_mark: |
|
||||
| < 4.0 | :x: |
|
||||
- The most recent release, and the release prior to that.
|
||||
- Active LTS releases.
|
||||
|
||||
At this time, with the latest release of v5.0.0, the supported
|
||||
versions are:
|
||||
|
||||
- xxx
|
||||
- xxx
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Use this section to tell people how to report a vulnerability.
|
||||
Please see [xx](xx) for detail about the security vulnerability reporting process.
|
||||
Vulnerabilities to the RT-Thread project may be reported via email to the XXX@XXX mailing list. These reports will be acknowledged and analyzed by the security response team within 1 week. Each vulnerability will be entered into the RT-Thread security advisory GitHub.
|
||||
|
||||
To report a security vulnerability, you need to provide at least the following information:
|
||||
|
||||
### Summary
|
||||
_Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._
|
||||
|
||||
### Details
|
||||
_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._
|
||||
|
||||
### PoC
|
||||
_Complete instructions, including specific configuration details, to reproduce the vulnerability._
|
||||
|
||||
### Impact
|
||||
_Give all affected versions. What kind of vulnerability is it? Which components are impacted?_
|
||||
|
||||
Tell them where to go, how often they can expect to get an update on a
|
||||
reported vulnerability, what to expect if the vulnerability is accepted or
|
||||
declined, etc.
|
||||
|
|
Loading…
Reference in New Issue