mirror of
https://github.com/jlengrand/detekt.git
synced 2026-03-10 08:11:23 +00:00
f15ce50d5e
* Create SECURITY.md * Complete initial version of SECURITY.md * Fix PR link * Narrate our supported versions for security * Update SECURITY.md * Update SECURITY.md Co-authored-by: Nicola Corti <corti.nico@gmail.com> * Improve wording * Update SECURITY.md Co-authored-by: Nicola Corti <corti.nico@gmail.com> Co-authored-by: Chao Zhang <chao.zhang@instacart.com> Co-authored-by: Chao Zhang <zhangchao6865@gmail.com> Co-authored-by: Nicola Corti <corti.nico@gmail.com>
18 lines
1.2 KiB
Markdown
18 lines
1.2 KiB
Markdown
# Security Policy
|
|
|
|
## Versions
|
|
|
|
Generally updating to the latest stable version will have all security issues addressed.
|
|
- Security patches are applied up to the **current minor version**.
|
|
- Earlier versions are not supported by default, but we will examine them on a case-by-case basis.
|
|
|
|
| Version | Addressed issues | Fix |
|
|
|---------|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------|
|
|
| 1.20.0 | [CWE-611](https://cwe.mitre.org/data/definitions/611.html) Improper Restriction of XML External Entity Reference | [#4499](https://github.com/detekt/detekt/pull/4499) |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please report vulnerability to security@detekt.dev.
|
|
We commit to respond within 2 weeks. You may also find us in the [#detekt](https://kotlinlang.slack.com/archives/C88E12QH4) channel of [kotlinlang Slack](https://kotlinlang.slack.com/).
|
|
If you have already reported on vulnerability disclosure platform, please include its link in the report.
|