|
|
@@ -0,0 +1,33 @@
|
|
|
+# Security Policy
|
|
|
+
|
|
|
+## Supported Versions
|
|
|
+
|
|
|
+| Version | Supported |
|
|
|
+| ------- | ------------------ |
|
|
|
+| 5.1.x | :white_check_mark: |
|
|
|
+| 5.0.x | :x: |
|
|
|
+| 4.0.x | :white_check_mark: |
|
|
|
+| < 4.0 | :x: |
|
|
|
+
|
|
|
+## Reporting a Vulnerability
|
|
|
+
|
|
|
+If you have found a potential security threat, vulnerability or exploit in Quasar
|
|
|
+or one of its upstream dependencies, please DON’T create a pull-request, DON’T
|
|
|
+file an issue on GitHub, DON’T mention it on Discord and DON’T create a forum thread.
|
|
|
+
|
|
|
+DO reach out to the team by sending an email to security@quasar.dev - we
|
|
|
+will investigate and work with you to triage this issue and help you to report it
|
|
|
+if appropriate. At the current time we do not have the financial ability to reward
|
|
|
+bounties, but in extreme cases will at our discretion consider a reward.
|
|
|
+
|
|
|
+## Security Audit
|
|
|
+
|
|
|
+You can apply to book the Quasar team’s security experts to perform a Security Audit
|
|
|
+for your project. Contact us to find out more about how to acquire, validate and publish
|
|
|
+an official timestamped and version-locked audit badge.
|
|
|
+
|
|
|
+security@quasar.dev
|
|
|
+
|
|
|
+## Security Documentation
|
|
|
+
|
|
|
+https://quasar.dev/security/
|
nothingismagick