You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The Aranya team takes security seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
Discovered issues can be communicated privately to our security team at: <[email protected]>.
Please do not report security vulnerabilities through public GitHub issues. We also appreciate being provided with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party. We may disclose the issue before resolution, if appropriate.
Please include the following information in your report if applicable:
- Description of the vulnerability
- Aranya software version, hardware platform and OS version
- Logs and artifacts
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested mitigation or fix (if any)
- Your name/handle (if you wish to be credited)
## Supported Versions
The latest version or release is supported.
## Disclosure Policy
When we receive a security bug report, we will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
1. Confirm the problem and determine the affected versions.
2. Audit code to find any potential similar problems.
3. Prepare fixes for all still-supported releases.
4. Release new security fix versions and update the public repository.
## Comments on this Policy
If you have suggestions on how this process could be improved, please submit a pull request or open an issue in our public repository.
