diff options
Diffstat (limited to 'SECURITY.md')
| -rw-r--r-- | SECURITY.md | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/SECURITY.md b/SECURITY.md index 9d351fce6..5531a306e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,13 +1,19 @@ # Security Policy +If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you should submit the report through our [Bug Bounty Program][bug-bounty]. Alternatively, you can reach us at <hello@joinmastodon.org>. + +You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk. + +## Scope + +A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us. + ## Supported Versions | Version | Supported | | ------- | ------------------ | -| 3.4.x | :white_check_mark: | -| 3.3.x | :white_check_mark: | -| < 3.3 | :x: | - -## Reporting a Vulnerability +| 3.4.x | Yes | +| 3.3.x | Yes | +| < 3.3 | No | -hello@joinmastodon.org +[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail |