@@ -0,0 +1,26 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in the Dioxus project, please report it **privately and responsibly** by emailing [security@dioxuslabs.com](mailto:security@dioxuslabs.com). **Do not report security issues publicly on GitHub or through issue trackers**. We take all security reports seriously and will respond promptly.
+
+## Coordinated Vulnerability Response
+
+When a security issue is reported, the Dioxus team prioritizes its resolution and coordinates a fix. We may work with affected users, upstream maintainers, and the original reporter to ensure a responsible and timely remediation. We use [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories) for secure communication and coordinated disclosure.
+
+If you're a downstream user or maintainer and believe you're affected, you can request to join the coordination process. Please email us at [security@dioxuslabs.com](mailto:security@dioxuslabs.com) with your:
+
+- Contact email
+- GitHub username(s)
+- Relevant project or ecosystem information
+
+Participation is granted at the discretion of the Dioxus team.
+
+## Security Advisory Disclosures
+
+We are committed to being transparent about security issues that affect Dioxus. Once a fix is in place, we announce advisories through:
+
+- [GitHub Release Notes](https://github.com/DioxusLabs/dioxus/releases).
+- The [RustSec Advisory Database](https://github.com/RustSec/advisory-db) (used by tools like `cargo-audit`).
+
+Users are encouraged to stay up to date with releases and monitor advisories relevant to their projects.
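Review bot: the "Reporting a Vulnerability" section tells reporters where to send a report but not what to include or when to expect a reply, and "will respond promptly" leaves the acknowledgement window undefined. Suggest listing the details a report should contain (affected crates and versions, reproduction steps, expected impact) and a concrete acknowledgement target such as "we will acknowledge receipt within N business days". Since the policy forbids public reports on GitHub, a note on whether GitHub's private vulnerability reporting is enabled for the repository, or a published PGP key for security@dioxuslabs.com, would give reporters a confidential channel for sensitive details. A "Supported Versions" section stating which releases receive security fixes is also standard for a SECURITY.md and would make the "stay up to date with releases" advice at the end actionable.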