2021-11-04 01:21:04 +08:00
|
|
|
# Security Policy
|
|
|
|
|
|
|
|
## Supported Versions
|
|
|
|
|
|
|
|
At the moment Oh My Zsh only considers the very latest commit to be supported.
|
2021-12-08 01:04:33 +08:00
|
|
|
We combine that with our fast response to incidents and the automated updates
|
|
|
|
to minimize the time between vulnerability publication and patch release.
|
2021-11-04 01:21:04 +08:00
|
|
|
|
|
|
|
| Version | Supported |
|
|
|
|
|:-------------- |:------------------ |
|
|
|
|
| master | :white_check_mark: |
|
|
|
|
| other commits | :x: |
|
|
|
|
|
|
|
|
In the near future we will introduce versioning, so expect this section to change.
|
|
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
|
2021-12-08 01:04:33 +08:00
|
|
|
**Do not submit an issue or pull request**: this might reveal the vulnerability.
|
2021-11-04 01:21:04 +08:00
|
|
|
|
2023-10-23 19:24:35 +08:00
|
|
|
Instead, you should email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh),
|
|
|
|
or using the link to [privately report a vulnerability with GitHub](https://github.com/ohmyzsh/ohmyzsh/security/advisories/new).
|
2021-11-04 01:21:04 +08:00
|
|
|
|
2021-12-08 01:04:33 +08:00
|
|
|
We will deal with the vulnerability privately and submit a patch as soon as possible.
|