Version: v0.1 (2023-08-14)

Revanite currently only supports non-production use cases. But in spite of that, the Revanite Project team places high value on security considerations, and is continuously working on improving it.

We do not extend assurances or updates for any versions prior to the latest minor version. We will add security updates as semver "patch" releases only for the highest minor version.

For example, updates will be added to v1.3 only until v1.4 is released. If a security update was added in v1.3.1, then v1.4.0 is released, any defects found will be fixed in v1.4.1 and there will not be a v1.3.2.

In the event that a new major version is released, we will revisit this documentation to update accordingly.

If you find a security related bug in Revanite, we kindly ask you for responsible disclosure and for giving us appropriate time to react, analyze and develop a fix to mitigate the found security vulnerability.

We will do our best to react quickly on your inquiry, and to coordinate a fix and disclosure with you. Sometimes, it might take a little longer for us to react (e.g. out of office conditions), so please bear with us in these cases.

We will publish security advisories using the GitHub Security Advisories feature for each repository: https://github.com/revanite-io/[repository_name]/security/advisories (i.e., https://github.com/revanite-io/sci/security/advisories). feature to keep our community well-informed, and will credit you for your findings (unless you prefer to stay anonymous, of course).