rt-thread/.github/SECURITY.md

35 lines
1.3 KiB
Markdown

# Security Policy
## Supported Versions
The RT-Thread project supports the following versions with security updates:
- The most recent release, and the release prior to that.
- Active LTS releases.
At this time, with the latest release of v5.0.0, the supported
versions are:
- xxx
- xxx
## Reporting a Vulnerability
Please see [xx](xx) for detail about the security vulnerability reporting process.
Vulnerabilities to the RT-Thread project may be reported via email to the XXX@XXX mailing list. These reports will be acknowledged and analyzed by the security response team within 1 week. Each vulnerability will be entered into the RT-Thread security advisory GitHub.
To report a security vulnerability, you need to provide at least the following information:
### Summary
_Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._
### Details
_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._
### PoC
_Complete instructions, including specific configuration details, to reproduce the vulnerability._
### Impact
_Give all affected versions. What kind of vulnerability is it? Which components are impacted?_