diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..2cd4d837 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Supported Versions + +To receive fixes for security vulnerabilities it is required to always upgrade to the latest version of CodeOcean. +See https://github.com/openHPI/codeocean/tree/master for the latest version. + +## Reporting a Vulnerability + +If you have found a vulnerability or you are uncertain whether what you have discovered is a vulnerability, +please send an email to sebastian.serth@hpi.de ([GPG Key](https://github.com/mrserth.gpg)). + +If you have a patch for the issue please use `git format-patch` and attach it to the email. Please do not open an issue or +pull request on GitHub as that may disclose sensitive details around the vulnerability.
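
Review bot: In the "Reporting a Vulnerability" section, the only contact is one personal address (sebastian.serth@hpi.de), so a report stalls whenever that mailbox is unattended; consider listing a shared or role address alongside it. The GPG key is given only as a link (`https://github.com/mrserth.gpg`); stating the key's fingerprint in the file would let a reporter confirm that the key they fetched is the intended one before encrypting to it. The section also does not say when a reporter can expect an acknowledgement or how disclosure will be coordinated; one sentence on each would set expectations. Under "Supported Versions", "latest version" is defined by a link to the master tree, so if the intent is that only current master receives fixes and nothing is backported, saying so explicitly would remove the ambiguity.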