Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: clarify reports are only evaluated on active versions #47341

Merged
merged 1 commit into from Apr 3, 2023
Merged

doc: clarify reports are only evaluated on active versions #47341

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
11 changes: 6 additions & 5 deletions SECURITY.md
View file
Open in desktop
Expand Up @@ -31,11 +31,12 @@ maintainers.
Here is the security disclosure policy for Node.js

* The security report is received and is assigned a primary handler. This
person will coordinate the fix and release process. The problem is confirmed
and a list of all affected versions is determined. Code is audited to find
any potential similar problems. Fixes are prepared for all releases which are
still under maintenance. These fixes are not committed to the public
repository but rather held locally pending the announcement.
person will coordinate the fix and release process. The problem is validated
against all supported Node.js versions. Once confirmed, a list of all affected
versions is determined. Code is audited to find any potential similar
problems. Fixes are prepared for all supported releases.
These fixes are not committed to the public repository but rather held locally
pending the announcement.

* A suggested embargo date for this vulnerability is chosen and a CVE (Common
Vulnerabilities and Exposures (CVE®)) is requested for the vulnerability.
Expand Down