Commit 6ecfa97

Merge branch 'master' into dev_1.11.0
2 parents 1e9025b + 8339ca9 commit 6ecfa97

1 file changed

+30
-0
lines changed

SECURITY.md

Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
# Security Policy
2+
3+
Please report any **critical** or **important** security vulnerability, suspected or confirmed, privately to the grid2op maintainer, currently:
4+
5+
- [Benjamin DONNOT](mailto:[email protected])
6+
7+
In your e-mail, please provide basic information about who you are (name and company or research group) as well as detailed steps to reproduce the vulnerabilities (python code, screenshots etc.) and the
8+
effect of said vulnerabilities.
9+
10+
For *moderate* or *low-severity* security vulnerabilities, you can use either :
11+
- use the public [Github issues](https://github.com/Grid2op/grid2op/issues)
12+
- report them via the grid2op discord server (https://discord.gg/cYsYrPT)
13+
- send an e mail to one of the above mentionned person.
14+
15+
In order to help you assess the severity of the potential vulnerability, you can use the [Apache severity rating](https://security.apache.org/blog/severityrating/).
16+
17+
If you are not sure whether the issue should be reported privately or publicly, please make a private report.
18+
19+
## Supported version
20+
21+
**Critical** vulnerabilities will be backward implemented for all patches of the last minor release within the previous calendar year. For example, if a critical vulnerability impact grid2op 1.10.4
22+
(major release 1, minor release 10, patch release 4) the security patch will be made for all patches of grid2op concerning 1.10 (so 1.10.0, 1.10.1, 1.10.2, 1.10.3) as well as all the patch releases
23+
of the current "release train".
24+
25+
**Critical** and **important** vulnerabilities will be forward implemented for all patches of the last published minor release within the previous calendar year. For example, if the current grid2op
26+
relase is 1.11.1 (major release 1, minor release 11, patch release 1) then version 1.11.0 and 1.11.1 will be patched.
27+
28+
For critical, important and moderate patches will be applied for the last patch release of grid2op.
29+
30+
Security patches of all level of severity will be implemented in the current "release train", available in the next release.
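
Review bot: The "Supported version" section (new lines 19-30) does not state a consistent backport rule. "Backward implemented" and "forward implemented" are never defined, and both paragraphs use the same condition ("the last minor release within the previous calendar year") while their examples cover different release lines (1.10.0 to 1.10.3 in one, 1.11.0 and 1.11.1 in the other). Line 28 ("For critical, important and moderate patches will be applied for the last patch release of grid2op.") is missing its subject, and it is unclear how it differs from line 30. Suggest replacing these four paragraphs with one table of severity against the versions that receive the fix. In the reporting section, line 5 names a single maintainer as the only private contact and no acknowledgement timeline is given; consider adding a second contact and an expected response time. Line 12 offers the Discord server for moderate reports without saying whether that means a public channel or a direct message. Minor wording: "you can use either : - use the" (lines 10-11), "send an e mail to one of the above mentionned person" (line 13), "relase" (line 26).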
