Skip to content

Security: roelj/seshat

Security

SECURITY.md

Security Policy

Reporting a vulnerability

If you have found a (potential) security issue in seshat, or are unsure whether an issue is security-relevant, please report it privately by e-mail to security@seshat.software.

Please do not report security issues through public issue trackers or pull requests, as this may put users of the project at risk before a fix is available.

It helps us if you include the following in your report:

  • A description of the issue and its potential impact
  • Steps to reproduce the issue, or a proof of concept
  • The version or commit of seshat you tested against
  • Any relevant configuration details

We will acknowledge your report and keep you informed as we work on a fix. We kindly ask that you give us a reasonable amount of time to address the issue before any public disclosure and we will credit you for the discovery if you wish.

Security announcements

If you are running (or are going to run) an instance of seshat and would like to receive advance notice of security issues and fixes, you can ask (your security coordinator) to join the security mailing list by writing to security@seshat.software.

Scope

This policy covers the seshat software itself, as developed at codeberg.org/seshat/seshat. Issues in third-party dependencies should be reported to their respective projects, though we appreciate a heads-up if such an issue affects seshat deployments.

There aren't any published security advisories