This document includes information about the vulnerability reporting, patch, release, and disclosure processes, as well as general security posture.

Vulnerabilities are reported privately via GitHub's Security Advisories feature. Please use the following link to submit your vulnerability: Report a vulnerability

Please see Privately reporting a security vulnerability for more information on how to submit a vulnerability using GitHub's interface.

Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.

• You think you discovered a potential security vulnerability in go-ftw
• You are unsure how a vulnerability affects go-ftw
• You think you discovered a vulnerability in another project that go-ftw depends on
  • For projects with their own vulnerability reporting and disclosure process, please report it directly there

• You need help applying security related updates
• Your issue is not security related