# Security Policy
## Reporting Security Issues
The maintainers and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](../../security/advisories/new) tab.

**Please do not report security vulnerabilities through public GitHub issues, discussions, or Discord.**
## What to Include in Your Report
To help us better understand and resolve the issue, please include as much of the following information as possible:
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue
## Response Timeline
We will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
## Disclosure Policy
- Security issues will be disclosed in a coordinated manner
- We will credit reporters in the security advisory unless anonymity is requested
- We request that you do not publicly disclose the issue until we have released a fix
## Third-Party Dependencies
If you discover a security vulnerability in a third-party dependency used by Jellyseerr, please report it directly to the maintainers of that module. You can also notify us through our security advisory process so we can:
- Track the issue and monitor for updates
- Apply patches or workarounds if available
- Coordinate with upstream maintainers when necessary
- Communicate the impact to our users

We regularly monitor and update our dependencies to address known security vulnerabilities.
## Security Updates
Security updates and advisories will be published on our [GitHub Security Advisories page](../../security/advisories).
## Community
For general questions and support (non-security related):
- [GitHub Discussions](../../discussions)
- [Discord](https://discord.gg/seerr)