efb6a032c8
* Add Security Policy on how we handle reports * Update SECURITY.md Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu> * Add note about privately reporting ...to the openrefine-coredev@googlegroups.com mailing list Note, mailing list group is private already but does indeed allow outside persons to email to us. ** Group members - can post but posts from new members will be held for moderation. Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
19 lines
729 B
Markdown
19 lines
729 B
Markdown
# OpenRefine Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 3.4.x | :white_check_mark: |
|
|
| <= 3.3 | :x: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
You can privately report a vulnerability to us by sending a report to this private mailing list [mailto:openrefine-coredev@googlegroups.com](mailto:openrefine-coredev@googlegroups.com)
|
|
|
|
Our core team will try their best to fix any valid vulnerability that is reported to them.
|
|
|
|
Keep in mind that OpenRefine is designed to run locally on a users PC, while also making network calls across the internet only upon a users choice or command.
|
|
|
|
As such, certain vulnerabilities might not apply to OpenRefine's design.
|