path: root/SECURITY.md
author: Eugen Rochko <eugen@zeonfederated.com> 2022-03-15 08:13:22 +0100
committer: GitHub <noreply@github.com> 2022-03-15 08:13:22 +0100
commit: 703809ae98d62333a0a061d40f8b7b2b39ba955b
tree: acfb0b64016239fe271dad3c828f9e66ee531226 /SECURITY.md
parent: a7941176791ec8ad56e45efbb449b9d09a580a6b
Remove references to discourse.joinmastodon.org (#17797)
Remove broken CODEOWNERS file

Add sponsor.joinmastodon.org to FUNDING.yml
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- SECURITY.md | 18
1 file changed, 12 insertions, 6 deletions
diff --git a/SECURITY.md b/SECURITY.md
index 9d351fce6..5531a306e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,13 +1,19 @@
 # Security Policy
 
+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you should submit the report through our [Bug Bounty Program][bug-bounty]. Alternatively, you can reach us at <hello@joinmastodon.org>.
+
+You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+
+## Scope
+
+A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.
+
 ## Supported Versions
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 3.4.x   | :white_check_mark: |
-| 3.3.x   | :white_check_mark: |
-| < 3.3   | :x:                |
-
-## Reporting a Vulnerability
+| 3.4.x   | Yes                |
+| 3.3.x   | Yes                |
+| < 3.3   | No                 |
 
-hello@joinmastodon.org
+[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail
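Review bot: the e-mail fallback in the first added paragraph (<hello@joinmastodon.org>) offers reporters no encrypted channel, such as a PGP key or fingerprint, even though the next paragraph asks them to keep the report out of public spaces; consider publishing a key alongside the address, or stating that anything sensitive should go through the Intigriti program rather than plain e-mail. The policy also says nothing about an expected acknowledgement time or a coordinated disclosure window, which is what a reporter who has been told not to post publicly will want to know. Two smaller points: dropping `## Reporting a Vulnerability` leaves the reporting instructions as an unheaded preamble while `## Scope` and `## Supported Versions` keep their headings, so restoring a heading above the first paragraph would keep the document consistent; and the Supported Versions table changes only its presentation (`:white_check_mark:` to `Yes`, `:x:` to `No`), so it is worth confirming in the same review that 3.4.x and 3.3.x still reflect the support window this policy is meant to advertise.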