From 3b16b46aae979b9a130c5dd42430dda37b623282 Mon Sep 17 00:00:00 2001 From: Maryna Herasimovich Date: Wed, 28 Aug 2024 20:51:54 -0700 Subject: [PATCH] Added security policy. --- SECURITY.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..2b48e47e3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +## Latest Versions + +We advise users to run the most recent mainline or stable release of nginx. + +## Reporting a Vulnerability + +Please report any vulnerabilities via one of the following methods +(in order of preference): + +1. [Report a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) +within this repository. We are using the Github workflow that allows us to +manage vulnerabilities in a private manner and to interact with reporters +securely. + +2. [Report directly to F5](https://www.f5.com/services/support/report-a-vulnerability). + +3. Report via email to security-alert@nginx.org. +This method will be deprecated in the future.