mirror of
https://github.com/halo-dev/halo.git
synced 2024-10-23 09:15:41 +08:00
860f694385
#### What type of PR is this? /kind cleanup #### What this PR does / why we need it: Not long ago, we announced the cessation of maintenance for 1.x at <https://www.halo.run/archives/halo-1.x-eol>. So we also need to to synchronize changes to security policies. #### Does this PR introduce a user-facing change? ```release-note None ```
1.5 KiB
1.5 KiB
Security Policy
Supported Versions
Halo currently supports the versions listed below, where as:
- ✅ indicates an active development roadmap, is therefore maintaining, and will receive Security Vulnerability Report.
- ❌ indicates such version has already deprecated and will not be receiving Security Vulnerability Report.
| Version | Supported |
|---|---|
| 0.x | ❌ |
| 1.x | ❌ |
| 2.x | ✅ |
Reporting a Vulnerability
We first appreciate and are very thankful that you've found a vulnerability issue in Halo! By disclosing such issue to Halo development team you are helping Halo to become a much more safer project than before! ;)
To protect the existing users of Halo, we kindly ask you to not disclose the vulnerability to anyone except the Halo development team before a fix has been rolled out.
To Report a Vulnerability, please complete the form below, and send such report by email to hi@halo.run.
Vulnerability has been observed in...
- Docker? [n/y]:
if yes for the question above,
- `docker -v`:
- `docker images halohub/halo`:
- by `java -jar halo.jar`? [n/y]:
if yes for the question above,
- `uname -a`:
- `java -version`:
- Affected by Halo version(s) [e.g. v2.4.0]:
- Vulnerability self-scoring [1-10]:
- Would you like to be attributed? (Whether you agree us to appreciate you by putting your name in the CHANGELOG of the next fix release) [n/y]: