rt-thread-official/.github/SECURITY.md

# Security Policy

## Supported Versions

The RT-Thread project supports the following versions with security updates:

  - The most recent release, and the release prior to that.
  - Active LTS releases.

At this time, with the latest release of v5.0.0, the supported
versions are:

  - xxx
  - xxx

## Reporting a Vulnerability

Please see [xx](xx) for detail about the security vulnerability reporting process.
Vulnerabilities to the RT-Thread project may be reported via email to the XXX@XXX mailing list. These reports will be acknowledged and analyzed by the security response team within 1 week. Each vulnerability will be entered into the RT-Thread security advisory GitHub.

To report a security vulnerability, you need to provide at least the following information:

### Summary
_Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._

### Details
_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._

### PoC
_Complete instructions, including specific configuration details, to reproduce the vulnerability._

### Impact
_Give all affected versions. What kind of vulnerability is it? Which components are impacted?_
[security] Set up security policy 2023-04-15 23:14:32 +08:00			`# Security Policy`

			`## Supported Versions`

Update SECURITY.md 2023-04-30 10:50:58 +08:00			`The RT-Thread project supports the following versions with security updates:`
[security] Set up security policy 2023-04-15 23:14:32 +08:00
Update SECURITY.md 2023-04-30 10:50:58 +08:00			`- The most recent release, and the release prior to that.`
			`- Active LTS releases.`

			`At this time, with the latest release of v5.0.0, the supported`
			`versions are:`

			`- xxx`
			`- xxx`
[security] Set up security policy 2023-04-15 23:14:32 +08:00
			`## Reporting a Vulnerability`

Update SECURITY.md 2023-04-30 10:50:58 +08:00			`Please see [xx](xx) for detail about the security vulnerability reporting process.`
			`Vulnerabilities to the RT-Thread project may be reported via email to the XXX@XXX mailing list. These reports will be acknowledged and analyzed by the security response team within 1 week. Each vulnerability will be entered into the RT-Thread security advisory GitHub.`

			`To report a security vulnerability, you need to provide at least the following information:`

			`### Summary`
			`_Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._`

			`### Details`
			`_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._`

			`### PoC`
			`_Complete instructions, including specific configuration details, to reproduce the vulnerability._`

			`### Impact`
			`_Give all affected versions. What kind of vulnerability is it? Which components are impacted?_`
[security] Set up security policy 2023-04-15 23:14:32 +08:00