From cf2c60b80559c564401c0f7b7de15a434fc178ef Mon Sep 17 00:00:00 2001 From: Joyce Date: Fri, 26 May 2023 11:17:54 -0300 Subject: [PATCH 1/3] Create SECURITY.md Signed-off-by: Joyce --- SECURITY.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..c5b2a3d77f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +Security updates are applied only to the latest release. + +## Reporting a Vulnerability + +If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. + +Please disclose it at [security advisory](https://github.com/ReactiveX/rxjs/security/advisories/new). + +This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure. From 00b4ef027ae79d5e96d0fdcc901ed131c9be0e2c Mon Sep 17 00:00:00 2001 From: Joyce Date: Tue, 26 Dec 2023 15:32:03 -0300 Subject: [PATCH 2/3] Update SECURITY.md to mention apache liability Signed-off-by: Joyce --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index c5b2a3d77f..659c365b55 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -6,8 +6,8 @@ Security updates are applied only to the latest release. ## Reporting a Vulnerability -If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. +If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. Besides, make sure to align with us before any public disclosure to ensure no dangerous information goes public too soon. Please disclose it at [security advisory](https://github.com/ReactiveX/rxjs/security/advisories/new). -This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure. +Although we will be working to solve any security issue as fast as possible, it is also important to notice that, in accordance with Apache 2.0 terms, no rxjs contributor can be liable for damages, including the ones caused by a security issue. From dfb14705925f25bf995c8216230ab3b19dda6921 Mon Sep 17 00:00:00 2001 From: Joyce Date: Tue, 26 Dec 2023 15:37:58 -0300 Subject: [PATCH 3/3] Update SECURITY.md: change RxJS writing Signed-off-by: Joyce --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 659c365b55..6251ca35c7 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -10,4 +10,4 @@ If you have discovered a security vulnerability in this project, please report i Please disclose it at [security advisory](https://github.com/ReactiveX/rxjs/security/advisories/new). -Although we will be working to solve any security issue as fast as possible, it is also important to notice that, in accordance with Apache 2.0 terms, no rxjs contributor can be liable for damages, including the ones caused by a security issue. +Although we will be working to solve any security issue as fast as possible, it is also important to notice that, in accordance with Apache 2.0 terms, no RxJS contributor can be liable for damages, including the ones caused by a security issue.
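
Review bot: PATCH 1/3, "Reporting a Vulnerability" section: the text asks reporters for at least 90 days but states nothing the maintainers commit to in return, so a reporter cannot tell whether a report has been received or is being handled. Consider adding an expected acknowledgement time and a short line on what a report should include (affected version, reproduction steps, impact). The link text "security advisory" would also read more clearly as a full phrase, for example "by opening a private security advisory".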
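
Review bot: PATCH 2/3, last paragraph of the hunk: replacing the "please give us at least 90 days" sentence with the liability disclaimer removes the only concrete embargo window, and the added "align with us before any public disclosure" sentence sets no time bound, so the disclosure timeline is now undefined for reporters. The commit subject mentions only the Apache liability wording; either keep the 90-day sentence alongside the disclaimer or state the removal in the commit message. On wording, "important to notice" should be "important to note", and "Besides," reads better as "Please also".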
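
Review bot: PATCH 3/3 touches only the sentence that PATCH 2/3 introduced, changing "rxjs" to "RxJS"; squash it into 2/3 so the series does not add a sentence and then correct it in the next commit.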