diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-03-15 21:57:26 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-15 21:57:26 +0100 |
| commit | ac300173f68d2497cccf4e5bf558d95fc6105c96 (patch) | |
| tree | 71debfede36bf8985cd5e3e37b6107560c358f57 /SECURITY.md | |
| parent | 80c4db160ecfd201cb82ed320cbe3eb32236ad20 (diff) | |
| parent | c79a03b319e17f5ab8c40d065842607de0d76108 (diff) | |
Merge pull request #1719 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'SECURITY.md')
| -rw-r--r-- | SECURITY.md | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/SECURITY.md b/SECURITY.md index 9d351fce6..5531a306e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,13 +1,19 @@ # Security Policy +If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you should submit the report through our [Bug Bounty Program][bug-bounty]. Alternatively, you can reach us at <hello@joinmastodon.org>. + +You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk. + +## Scope + +A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us. + ## Supported Versions | Version | Supported | | ------- | ------------------ | -| 3.4.x | :white_check_mark: | -| 3.3.x | :white_check_mark: | -| < 3.3 | :x: | - -## Reporting a Vulnerability +| 3.4.x | Yes | +| 3.3.x | Yes | +| < 3.3 | No | -hello@joinmastodon.org +[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail |