# Security Policy
## Supported Versions
This project follows the release scheme `vMAJOR.CODE.RESOURCE`.
| Version Line | Security Updates |
| --- | --- |
| `main` | Yes |
| `v1.x.x` | Yes |
| `v0.x` and older | No |
Only the latest `main` branch and current major release line receive active security fixes.
## Reporting a Vulnerability
### Preferred (Private)
Use GitHub private vulnerability reporting:
- [Report a vulnerability](https://github.com/Musawer1214/pashto-language-resources/security/advisories/new)
Do not open a public issue with exploit details.
### If Private Reporting Is Not Available
Open a minimal public issue with title `Security Report Request` and no technical details. A maintainer will move follow-up to a safer channel.
## What To Include
Please include:
- Affected file, component, or script
- Reproduction steps and impact
- Proof of concept (if safe)
- Suggested fix (if available)
- Whether the issue is already public
## Response Timeline
- Acknowledgment: within 72 hours
- Initial triage: within 7 days
- Remediation target:
  - Critical: 14 days
  - High: 30 days
  - Medium/Low: next scheduled maintenance release
If timelines change, maintainers will provide updates in the advisory thread.
## Disclosure Policy
- Please use coordinated disclosure.
- Do not publish exploit details until a fix or mitigation is released.
- After release, maintainers may publish a security advisory and changelog note.
## Scope Notes
In scope:
- Repository code and automation scripts
- GitHub Actions workflows in this repository
- Published search page code under `docs/search/`
Out of scope:
- Vulnerabilities only in third-party platforms/services not controlled by this repository
- Social engineering and physical access attacks