|
| 1 | +#Security Policy |
| 2 | + |
| 3 | +##Supported versions |
| 4 | + |
| 5 | +The following table describes the versions of this project that are currently |
| 6 | +supported with security updates: |
| 7 | + |
| 8 | +| Version| Supported| |
| 9 | +| -------| ------------------| |
| 10 | +| 4.x|:white_check_mark:| |
| 11 | +| 3.x|:x:| |
| 12 | +| 2.x|:x:| |
| 13 | +| 1.x|:x:| |
| 14 | + |
| 15 | +##Responsible disclosure security policy |
| 16 | + |
| 17 | +A responsible disclosure policy helps protect users of the project from publicly |
| 18 | +disclosed security vulnerabilities without a fix by employing a process where |
| 19 | +vulnerabilities are first triaged in a private manner, and only publicly disclosed |
| 20 | +after a reasonable time period that allows patching the vulnerability and provides |
| 21 | +an upgrade path for users. |
| 22 | + |
| 23 | +We kindly ask you to refrain from malicious acts that put our users, the project, |
| 24 | +or any of the project’s team members at risk. |
| 25 | + |
| 26 | +##Reporting a security issue |
| 27 | + |
| 28 | +We consider the security of Lodash a top priority. But no matter how much effort |
| 29 | +we put into security, there can still be vulnerabilities present. |
| 30 | + |
| 31 | +If you discover a security vulnerability, please report the security issue |
| 32 | +directly to the Lodash maintainers through the[Security tab](https://github.com/lodash/lodash/security) of the Lodash |
| 33 | +repository. |
| 34 | + |
| 35 | +Your efforts to responsibly disclose your findings are sincerely appreciated. |