Skip to content

Security: meigma/ghd

Security

Report a vulnerability

SECURITY.md

Security Policy

This document explains which versions of ghd receive security updates and how to report vulnerabilities privately.

Supported Versions

Before ghd reaches 1.0, security fixes target the default branch and the latest released version. Older pre-1.0 releases may not receive backported fixes unless a specific advisory says otherwise.

Reporting a Vulnerability

Report vulnerabilities privately through GitHub private vulnerability reporting:

https://github.com/meigma/ghd/security/advisories/new

Do not use public GitHub issues, pull requests, discussions, chat channels, or other public forums for vulnerability reports.

When reporting a vulnerability, include as much of the following as possible:

  • affected version, commit, or deployment identifier
  • a description of the issue and the security impact
  • steps to reproduce or a minimal proof of concept
  • any relevant logs, screenshots, or traces
  • any suggested mitigations or fixes, if available

There aren't any published security advisories