rt-thread-official/.github/SECURITY.md

Security Policy

Supported Versions

The RT-Thread project supports the following versions with security updates:

  • The most recent release, and the release prior to that.
  • Active LTS releases.

At this time, with the latest release of v5.0.0, the supported versions are:

  • xxx
  • xxx

Reporting a Vulnerability

Please see xx for details about the security vulnerability reporting process. Vulnerabilities in the RT-Thread project may be reported via email to the XXX@XXX mailing list. These reports will be acknowledged and analyzed by the security response team within 1 week. Each vulnerability will be entered into the RT-Thread security advisories on GitHub.

To report a security vulnerability, you need to provide at least the following information:

Summary

Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server.

Details

Give all details of the vulnerability. Pointing to the affected source code is very helpful for the maintainers.

PoC

Complete instructions, including specific configuration details, to reproduce the vulnerability.

Impact

List all affected versions. What kind of vulnerability is it? Which components are impacted?