Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 15841b9

Browse filesBrowse files
tacaswelltacaswell
authored
Merge pull request #18537 from matplotlib/security-policy
GOV: Create security policy
2 parents 3b1be53 + 8733b9b commit 15841b9
Copy full SHA for 15841b9

File tree

Expand file treeCollapse file tree

2 files changed

+38
-0
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+38
-0
lines changed

‎SECURITY.md

Copy file name to clipboard
+31Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
The following table lists versions and whether they are supported. Security
6+
vulnerability reports will be accepted and acted upon for all supported
7+
versions.
8+
9+
| Version | Supported |
10+
| ------- | ------------------ |
11+
| 3.3.x | :white_check_mark: |
12+
| 3.2.x | :white_check_mark: |
13+
| 3.1.x | :x: |
14+
| 3.0.x | :x: |
15+
| 2.2.x | :white_check_mark: |
16+
| < 2.2 | :x: |
17+
18+
## Reporting a Vulnerability
19+
20+
If you have found a security vulnerability, in order to keep it confidential,
21+
please do not report an issue on GitHub.
22+
23+
Please email us details of the vulnerability at matplotlib@numfocus.org;
24+
include a description and proof-of-concept that is [short and
25+
self-contained](http://www.sscce.org/).
26+
27+
You should expect a response within a week of your email. Depending on the
28+
severity of the issue, this may require some time to draft an immediate bugfix
29+
release. Less severe issues may be held until the next release.
30+
31+
We do not award bounties for security vulnerabilities.

‎doc/devel/release_guide.rst

Copy file name to clipboardExpand all lines: doc/devel/release_guide.rst
+7Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,13 @@ Merge ``*-doc`` branch
9696
Merge the most recent 'doc' branch (e.g., ``v3.2.0-doc``) into the branch you
9797
are going to tag on and delete the doc branch on GitHub.
9898

99+
Update supported versions in Security Policy
100+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
101+
102+
When making major or minor releases, update the supported versions in the
103+
Security Policy in :file:`SECURITY.md`. Commonly, this may be one or two
104+
previous minor releases, but is dependent on release managers.
105+
99106
Update "What's New" and "API changes"
100107
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
101108

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.