mirror of
https://github.com/Xahau/xahau.js.git
synced 2025-11-04 13:05:49 +00:00
31 lines
1.5 KiB
Markdown
31 lines
1.5 KiB
Markdown
# Security Policy
|
||
|
||
## Supported Versions
|
||
|
||
This table shows which versions of xrpl.js are currently supported with security updates:
|
||
|
||
| Version | Supported |
|
||
| ------- | ---------------------- |
|
||
| 2.x | :white_check_mark: Yes |
|
||
| 1.x | :white_check_mark: Yes |
|
||
| 0.x | :x: No |
|
||
|
||
## Responsible disclosure security policy
|
||
|
||
The responsible disclosure of vulnerabilities helps to protect users of the project. Vulnerabilities are first triaged in a private manner, and only publicly disclosed after a reasonable time period that allows patching the vulnerability and provides an upgrade path for users.
|
||
|
||
When contacting us directly via email, we will do our best to respond in a reasonable time to resolve the issue. Do not disclose the vulnerability until it has been patched and users have been given time to upgrade.
|
||
|
||
We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project’s team members at risk.
|
||
|
||
## Reporting a security issue
|
||
|
||
Security is a top priority. But no matter how much effort we put into security, there can still be vulnerabilities present.
|
||
|
||
If you discover a security vulnerability, please use the following means of communications to report it to us:
|
||
|
||
- Report the security issue to bugs@ripple.com
|
||
- [Ripple Bug Bounty](https://ripple.com/bug-bounty/)
|
||
|
||
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
|