Skip to content

Latest commit

 

History

History
35 lines (22 loc) · 1.28 KB

SECURITY.md

File metadata and controls

35 lines (22 loc) · 1.28 KB

Security Policy

Supported Versions

The following versions of cross-fetch are currently supported with security updates:

  • the latest commit on the v4.x branch;
  • the 4.x release tagged as latest on npm;
  • the 3.x release tagged as latest-v3.x on npm;

Reporting a Vulnerability

Please report security issues by sending an email to lquixada@gmail.com.

Do not submit an issue ticket or pull request or otherwise publicly disclose the issue.

After receiving your email, the author will respond as soon as possible and suggest a plan of action.

Disclosure policy

After confirming a vulnerability, the author will generally release a security update as soon as possible, including the minimum amount of information required for software maintainers and system administrators to assess the urgency of the update for their particular situation.

The publication of any further details such as code comments, tests, commit history and diffs will be postponed in order to enable a substantial share of the users to install the security fix before this time.

Upon publication of full details, the reporter will be credited if the reporter wishes to be publicly identified.