Security: create-go-app/net_http-go-template
Security
SECURITY.md
We commit to publishing security updates for the version of all Create Go App project's projects currently on the main branch.
To report a vulnerability, please e-mail koddr.me@gmail.com with a description of the issue, the steps you took to create the issue, affected versions, and if known, mitigation for the issue.
We should reply within five working days, probably much sooner. (Unfortunately, we do receive spam at this address, as well as well-meaning but ultimately misguided reports that do not represent issues for which this process is appropriate.)
We use GitHub's security advisory feature to track open security issues. You should expect a close collaboration as we work to resolve the issue you have reported. Please reach out to koddr.me@gmail.com again if you do not receive prompt attention and regular updates.
This section describes the process used by the Create Go App project team when handling vulnerability reports.
Vulnerability reports are received via the koddr.me@gmail.com e-mail alias. Certain team members who have been designated the "vulnerability management team" receive these e-mails. When receiving such an e-mail, they will:
- Reply to the e-mail acknowledging its receipt, cc'ing koddr.me@gmail.com so that the other members of the team are aware that they are handling the issue. If the e-mail does not describe an actual vulnerability, the process will stop here.
- Create a new security advisory for Create Go App's project. One must be one of the repo admins to do this. Vulnerability management team members who are not also a repo admin will reach out to the repo admins until they find one who can create the advisory. The repository administrator, who is also a member of the vulnerability management team, is @koddr.
- Add the reporter to the security advisory so that they can get updates.
- Inform the relevant team lead, adding them to the security advisory.
As the fix is being developed, they will then reach out to the reporter to ask them if they would like to be involved and whether they would like to be credited. For credit, the GitHub security advisory UI has a field that allows contributors to be credited.
When the issue is resolved, they will contact the release team and our PR team to coordinate the publication of the security advisory.
Security issues have the priority level. We attempt to fix them as quickly as possible.
For more information on security advisories, see the GitHub documentation.