ohmyzsh/SECURITY.md
2021-12-07 18:04:33 +01:00

1.1 KiB

Security Policy

Supported Versions

At the moment Oh My Zsh only considers the very latest commit to be supported. We combine that with our fast response to incidents and the automated updates to minimize the time between vulnerability publication and patch release.

Version Supported
master
other commits

In the near future we will introduce versioning, so expect this section to change.

Reporting a Vulnerability

Do not submit an issue or pull request: this might reveal the vulnerability.

Instead, you should email the maintainers directly at: security@ohmyz.sh.

We will deal with the vulnerability privately and submit a patch as soon as possible.

You can also submit your vulnerability report to huntr.dev and see if you can get a bounty reward.