mirror of
https://github.com/koloideal/Argenta.git
synced 2026-06-10 10:05:28 +03:00
kolo
ce7e24b924
The entire public api is covered with documentation in two languages - Russian and English. the library now supports the latest three versions of python - 3.12, 3.13 and 3.14 minor design changes: now, when a Boolean flag is entered, its value is an empty string, not None. tests have been adapted to the supported versions of python, readmi has been redesigned in two languages, German is no longer available.
55 lines
2.4 KiB
Markdown
55 lines
2.4 KiB
Markdown
# Security Policy
|
|
|
|
The Argenta team takes security seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.
|
|
|
|
## Supported Versions
|
|
|
|
This table shows the versions of Argenta that are currently supported with security updates.
|
|
|
|
| Version | Supported |
|
|
|---------|-----------------|
|
|
| 1.1.x | ✅ |
|
|
| < 1.1 | ❌ |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you believe you have found a security vulnerability in Argenta, please report it to us through one of the following methods:
|
|
|
|
- **Email**: Send a detailed report to `kolo.is.main@gmailcom`.
|
|
- **GitHub Security Advisories**: You can create a new security advisory directly in the Argenta repository.
|
|
|
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
|
|
|
### What to Include
|
|
|
|
To help us understand and resolve the issue quickly, please include the following information in your report:
|
|
|
|
- A clear and descriptive title.
|
|
- The affected version(s) of Argenta.
|
|
- A detailed description of the vulnerability.
|
|
- Step-by-step instructions to reproduce the issue (a Proof-of-Concept).
|
|
- The potential impact of the vulnerability.
|
|
- Any suggested mitigations or fixes, if you have any.
|
|
|
|
You can expect a response from us within 48 hours to acknowledge receipt of your report.
|
|
|
|
## Disclosure Process
|
|
|
|
1. Upon receiving a vulnerability report, we will assign it to a team member and begin our investigation.
|
|
2. We will confirm the vulnerability and determine its severity.
|
|
3. We will work on a patch to address the issue.
|
|
4. Once the patch is ready, we will coordinate with you to schedule a release and a public disclosure. We prefer to disclose vulnerabilities through a GitHub Security Advisory.
|
|
5. We will credit you for your discovery in the advisory, unless you prefer to remain anonymous.
|
|
|
|
## Security Best Practices
|
|
|
|
As a user of Argenta, we recommend the following best practices to keep your application secure:
|
|
|
|
- Always use the latest version of Argenta.
|
|
- Regularly scan your project's dependencies for known vulnerabilities.
|
|
- If your application handles sensitive data, ensure it is stored and transmitted securely.
|
|
|
|
## Bug Bounty Program
|
|
|
|
Currently, we do not have a formal bug bounty program. However, we deeply appreciate the work of security researchers and may offer non-monetary recognition for significant contributions.
|