This security policy applies to Ping public projects.
Security and bug fixes are generally provided only for the last major version. Fixes are released either as part of the next major version or as an on shom-demand patch version.
Security fixes are given priority and might be enough to cause a new version to be released.
Please do not publicly disclose any security vulnerabilities until a fix has been released. If you find something suspicious, we kindly appreciate your report!
Please contact us via at ping@shom.fr
Do not publish vulnerability reports in public issues or pull requests.
When reporting, please include as much detail as possible:
-
A clear description
-
Steps to reproduce
-
Proof of concept (if available)
-
Estimated impact