Add Security Policy on how we handle reports (#3405)

* Add Security Policy on how we handle reports

* Update SECURITY.md

Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>

* Add note about privately reporting

...to the openrefine-coredev@googlegroups.com mailing list
Note, mailing list group is private already but does indeed allow outside persons to email to us.
** Group members - can post but posts from new members will be held for moderation.

Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Thad Guidry 2021-03-03 04:33:21 -06:00 committed by GitHub
parent 145126a775
commit efb6a032c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

SECURITY.md Normal file

@ -0,0 +1,18 @@
# OpenRefine Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 3.4.x | :white_check_mark: |
| <= 3.3 | :x: |
## Reporting a Vulnerability
You can privately report a vulnerability to us by sending a report to this private mailing list [mailto:openrefine-coredev@googlegroups.com](mailto:openrefine-coredev@googlegroups.com)
Our core team will try their best to fix any valid vulnerability that is reported to them.
Keep in mind that OpenRefine is designed to run locally on a users PC, while also making network calls across the internet only upon a users choice or command.
As such, certain vulnerabilities might not apply to OpenRefine's design.
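
Review bot: The "Reporting a Vulnerability" paragraph gives reporters an address but nothing about what happens after they send a report. The commit message says posts from new members are held for moderation, so a first-time reporter will see a delay with no explanation; the policy should say so, and should state what a report needs to contain (affected version, reproduction steps) and when to expect an acknowledgement. In the same line the link's visible text is the raw `mailto:` URL; showing only `openrefine-coredev@googlegroups.com` as the link text would read better. The sentence on local use has "a users PC" and "a users choice", which should be "a user's". The closing line, "certain vulnerabilities might not apply to OpenRefine's design", gives a reporter no way to tell what is in scope; an example of a deployment or issue class the team considers out of scope would make that usable.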