mirror of
https://github.com/pocketpy/pocketpy
synced 2026-03-22 21:20:17 +00:00
38 lines
1.0 KiB
Markdown
38 lines
1.0 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you discover a security vulnerability in pocketpy, please report it responsibly.
|
|
|
|
Do NOT open a public GitHub issue for security-sensitive bugs.
|
|
|
|
Instead, report the issue privately by contacting the maintainers with:
|
|
|
|
- A clear description of the vulnerability
|
|
- Steps to reproduce the issue
|
|
- A minimal proof-of-concept (if possible)
|
|
- Environment details (OS, compiler, version, build flags)
|
|
|
|
Examples of security issues include:
|
|
|
|
- Heap-buffer-overflow
|
|
- Stack-buffer-overflow
|
|
- Use-after-free
|
|
- Out-of-bounds read/write
|
|
- Crashes triggered by crafted input
|
|
|
|
## Response Process
|
|
|
|
After receiving a report, maintainers may:
|
|
|
|
1. Confirm and reproduce the issue
|
|
2. Investigate and prepare a fix
|
|
3. Release a patched version
|
|
4. Publicly disclose the issue after it is resolved
|
|
|
|
Please allow reasonable time for investigation and remediation before public disclosure.
|
|
|
|
## Supported Versions
|
|
|
|
Security fixes are typically applied to the latest development version.
|
|
Older versions may not receive patches. |