ohmyzsh/SECURITY.md

# Security Policy

## Supported Versions

At the moment Oh My Zsh only considers the very latest commit to be supported.
We combine that with our fast response to incidents and the automated updates
to minimize the time between vulnerability publication and patch release.

| Version        | Supported          |
|:-------------- |:------------------ |
| master         | :white_check_mark: |
| other commits  | :x:                |

In the near future we will introduce versioning, so expect this section to change.

## Reporting a Vulnerability

**Do not submit an issue or pull request**: this might reveal the vulnerability.

Instead, you should email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh).

We will deal with the vulnerability privately and submit a patch as soon as possible.

You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward.
docs: add Security Policy 2021-11-03 17:21:04 +00:00			`# Security Policy`

			`## Supported Versions`

			`At the moment Oh My Zsh only considers the very latest commit to be supported.`
chore: update security docs and link to huntr.dev 2021-12-07 17:04:33 +00:00			`We combine that with our fast response to incidents and the automated updates`
			`to minimize the time between vulnerability publication and patch release.`
docs: add Security Policy 2021-11-03 17:21:04 +00:00
			`\| Version \| Supported \|`
			`\|:-------------- \|:------------------ \|`
			`\| master \| :white_check_mark: \|`
			`\| other commits \| :x: \|`

			`In the near future we will introduce versioning, so expect this section to change.`

			`## Reporting a Vulnerability`

chore: update security docs and link to huntr.dev 2021-12-07 17:04:33 +00:00			`Do not submit an issue or pull request: this might reveal the vulnerability.`
docs: add Security Policy 2021-11-03 17:21:04 +00:00
chore: update security docs and link to huntr.dev 2021-12-07 17:04:33 +00:00			`Instead, you should email the maintainers directly at: [security@ohmyz.sh](mailto:security@ohmyz.sh).`
docs: add Security Policy 2021-11-03 17:21:04 +00:00
chore: update security docs and link to huntr.dev 2021-12-07 17:04:33 +00:00			`We will deal with the vulnerability privately and submit a patch as soon as possible.`

			`You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward.`