The purpose of this document is to outline how project maintainers will handle any discovered security vulnerabilities.
Security patches will be provided only for the latest release of starlink_exporter. This policy ensures that
security updates are concentrated on the most up-to-date and stable version of the project. Older versions will not
receive security patches.
| Version | Supported |
|---|---|
0.2.x |
✅ |
< 0.2.x |
❌ |
If you discover a security vulnerability in this project, we encourage you to report it to the project maintainer as soon as possible so that we can investigate and resolve the issue. I take security very seriously and will work quickly to address any confirmed vulnerabilities.
You can report a security vulnerability by:
- Create a vulnerability report on GitHub
- Send an email to
[email protected](if possible, encrypt the email using GPG - see here)
I will acknowledge your report within 48 hours and aim to resolve critical issues within 30 days. In cases where the issue is particularly complex, the resolution may take longer, but I will keep you informed of progress. Your efforts to improve the security of this project are greatly appreciated.
Never disclose security vulnerabilities publicly, especially on GitHub issues.
I take the security of my projects and their users very seriously. As such, I encourage people to responsibly disclose security vulnerabilities. If you report a security vulnerability responsibly, it helps protect the project and its users, and you will also be credited when a Security Advisory is published.
I define responsible disclosure as follows:
- Disclosing the discovered vulnerability directly to the project maintainer.
- Not sharing, publishing or disclosing information about the vulnerability prior to it being reported.
- Allowing a reasonable period of time (typically up to 90 days) after reporting the vulnerability to investigate and resolve the issue, before you publicly disclose information about the vulnerability or its existence.
- Never attempting to exploit or take advantage of the vulnerability or any related vulnerabilities against any system not owned by yourself.
By following this Security Policy, I aim to improve and maintain the security of my projects. If you have any questions or concerns about this policy or this project's security practices, please do not hesitate to contact me (see https://joshuasing.dev/#contact).