diff options
author | Michael Klishin <mklishin@pivotal.io> | 2020-03-25 01:14:24 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-25 01:14:24 +0300 |
commit | 41b2de3b6dd46cd6787e029ed501a93699fef143 (patch) | |
tree | f60bc1074c741e345b1e09e57bb1fe0197ef836c | |
parent | 1ec1ce9d82836885972c0f952b870bc3f02f765c (diff) | |
download | rabbitmq-server-git-41b2de3b6dd46cd6787e029ed501a93699fef143.tar.gz |
Create SECURITY.md
-rw-r--r-- | SECURITY.md | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..762149554f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,24 @@ +# Security Policy + +## Supported Versions + +See [RabbitMQ Release Series](https://www.rabbitmq.com/versions.html) for a list of currently supported +versions. + +Vulnerabilities reported for versions out of support will not be investigated. + + +## Reporting a Vulnerability + +Please responsibly disclosure vulnerabilities to `security@rabbitmq.com` and include the following information: + + * RabbitMQ and Erlang versions used + * Operating system used + * A set of steps to reproduce the observed behavior + * An archive produced by [rabbitmq-collect-env](https://github.com/rabbitmq/support-tools/blob/master/scripts/rabbitmq-collect-env) + + RabbitMQ core team will get back to you after we have triaged the issue. If there's no sufficient reproduction + information available, we won't be able to act on the report. + + RabbitMQ core team does not have a security vulnerability bounty programme at this time. + |