From e1cde76f56dbdc0d3c9aedaac09693345cf16334 Mon Sep 17 00:00:00 2001 From: Ali Sajid Imami <395482+AliSajid@users.noreply.github.com> Date: Mon, 21 Oct 2024 13:24:34 -0400 Subject: [PATCH] docs: add a `SECURITY.md` file --- SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..979dcc6 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,38 @@ + + +# Security Policy + +## Supported Versions + +This plugin will always support the **current** and **previous three releases** of Neovim. The plugin may have an irregular release schedule, so please ensure your Neovim version is within the supported range to receive updates and fixes. + +| Neovim Version | Supported | +| -------------- | ------------------ | +| Nightly | :white_check_mark: | +| Stable | :white_check_mark: | +| Stable - 1 | :white_check_mark: | +| Stable - 2 | :white_check_mark: | +| Stable - 3 | :white_check_mark: | +| Older versions | :x: | + +## Reporting a Vulnerability + +If you discover any security vulnerabilities or potential issues, please follow these steps to report them: + +1. **Do not publicly disclose** the vulnerability until a fix is available. +2. Email [security@email.imamiland.com](mailto:security@email.imamiland.com) with details of the vulnerability, including: + - Steps to reproduce the issue. + - A detailed description of the security impact. + - Potential fixes or recommendations if available. +3. You will receive an acknowledgment within **48 hours** of your report. + +Once the issue has been assessed, we will provide a timeline for a fix and release. Security patches will be backported for all supported versions of Neovim. + +## Vulnerability Disclosure Timeline + +- We aim to resolve critical vulnerabilities within **7 days** of being reported. +- Non-critical vulnerabilities will be handled during regular development cycles and addressed in future updates.