SECURITY.md

Security Policy

Vulnerability Reporting

This section explains how community members and users can report security vulnerabilities.

To report a security vulnerability, you can follow the steps below:

  1. If you have found a security vulnerability, contact us here via email.
  2. Provide a detailed explanation of the security vulnerability.
  3. Include screenshots or code examples if necessary.
  4. The reported security vulnerability will be examined, and you will be notified whether it will be fixed or not.
  5. If additional information or corrections are needed during the review process, you can share that information.
  6. The reported security vulnerability will be addressed as quickly as possible and prioritized based on its severity.
  7. The security vulnerability will be tracked with regular status reports updated at specific intervals after the primary communication.
  8. Fixed security vulnerabilities will be released in the next version and communicated to users.
  9. If the reported security vulnerability is accepted, a thank-you email will be sent to the reporting party, along with the necessary recognition for their contributions.
  10. If a reported security vulnerability is rejected, the reasons for rejection will be explained in detail, and alternative solutions will be provided.
  11. The security vulnerability report and solution will be shared on the project's GitHub page with a published security update note.
  12. The relevant security vulnerability will not be officially disclosed until it is fixed, and information sharing will be limited during this period.
  13. Users and the community will be regularly informed about the reported security vulnerability on the project's GitHub page with updates.
  14. After fixing the security vulnerability, the project's security status will be updated, specifying the update status for supported versions.
  15. When a security vulnerability is detected, the components and versions affected by the vulnerability will be identified, and this information will be shared in the update note.
  16. All communication related to the security vulnerability will be conducted transparently, providing clarity to the community.
  17. User privacy and security will always be a priority during the security vulnerability reporting process.
  18. The status of reviewed security vulnerabilities will be regularly updated on the project's security page, accessible from the official sources of the project.
  19. While working on the security vulnerability report and solution, coordination with the project developers will be maintained, and the correction process will be conducted fairly and transparently.
  20. In response to a security vulnerability report, regular updates on the status and progress of the process will be provided to the reporting party.