Skip to content

Security: eslint/rfcs

SECURITY.md

Security Policy

Supported Versions

Security updates are applied only to the most recent releases.

Reporting a Vulnerability

To securely report a vulnerability, please open an advisory on GitHub. This form is also accessible when submitting a new issue.

Vulnerability Process

  1. Your report will be acknowledged within two business days.
  2. The team will investigate and update the issue with relevant information.
  3. If the team does not confirm the report, no further action will be taken and the issue will be closed.
  4. If the team confirms the report, the team will take action to fix it immediately:
    1. Commits will be handled in a private repository for review and testing.
    2. Release a new patch version from the private repository.
    3. Write a blog post disclosing the vulnerability.
    4. Notify Tidelift about the vulnerability.

There aren’t any published security advisories