rlespinasse/github-slug-action
1
0
Fork 0
mirror of https://github.com/rlespinasse/github-slug-action.git synced 2026-05-17 18:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d1ca8ffbce40ea2371e35bca356db0acacf567d2
github-slug-action/SECURITY.md
Romain Lespinasse 094dd7fdb3 docs(security): improve vulnerability reporting section 
Signed-off-by: Romain Lespinasse <romain.lespinasse@gmail.com>
2023-03-14 19:49:15 +01:00

30 lines
1.3 KiB
Markdown
Raw Blame History

# Security Policy
## Supported Versions and Branches
We only support 2 major versions for security patches
| Version | Branch | Supported | Specific Tags |
| ------- | ------ | ------------------ | ------------- |
| 4.x | v4.x | :white_check_mark: | v4 |
| 3.x | v3.x | :white_check_mark: | |
| < 2.x | | :x: | v2.x, v1.1.x |
A GitHub repository can used one of the available branches as action inside its workflows.
### End of Life of a branch
When a branch is not supported anymore, the following process occurs
- Since `v4.x` branch, the branch will be deleted 2 major versions after
- So `v4.x` branch will be deleted when `v7.x` branch will have its first release
- prefer the `v4` tag to `v4.x` branch as reference in our workflow,
- Before `v4.x` branch, the branch will be converted into a tag when the support is dropped
- So `v3.x` branch will be converted as tag when `v5.x` branch will have its first release
## Reporting a Vulnerability
You can report a Vulnerability by creating a (https://github.com/rlespinasse/github-slug-action/security/advisories)[draft security advisory] in this project.
If the vulnerability is confirm, a fix will be produce and the advisory will be publish.
Reference in New Issue View Git Blame Copy Permalink