rlespinasse/github-slug-action
1
0
Fork 0
mirror of https://github.com/rlespinasse/github-slug-action.git synced 2026-05-17 18:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
094dd7fdb3abbcea606c6e9990f01c448aa98017
github-slug-action/SECURITY.md
Romain Lespinasse 094dd7fdb3 docs(security): improve vulnerability reporting section 
Signed-off-by: Romain Lespinasse <romain.lespinasse@gmail.com>
2023-03-14 19:49:15 +01:00

1.3 KiB
Raw Blame History

Security Policy

Supported Versions and Branches

We only support 2 major versions for security patches

Version Branch Supported Specific Tags
4.x v4.x v4
3.x v3.x
< 2.x v2.x, v1.1.x

A GitHub repository can used one of the available branches as action inside its workflows.

End of Life of a branch

When a branch is not supported anymore, the following process occurs

  • Since v4.x branch, the branch will be deleted 2 major versions after
    • So v4.x branch will be deleted when v7.x branch will have its first release
    • prefer the v4 tag to v4.x branch as reference in our workflow,
  • Before v4.x branch, the branch will be converted into a tag when the support is dropped
    • So v3.x branch will be converted as tag when v5.x branch will have its first release

Reporting a Vulnerability

You can report a Vulnerability by creating a (https://github.com/rlespinasse/github-slug-action/security/advisories)[draft security advisory] in this project.

If the vulnerability is confirm, a fix will be produce and the advisory will be publish.

Reference in New Issue View Git Blame Copy Permalink