github/socket.io
1
1
Fork 0
mirror of https://github.com/socketio/socket.io.git synced 2026-01-10 15:37:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore: add security policy

Browse Source
This commit is contained in:
Damien Arrachequesne
2022-12-14 07:42:42 +01:00
committed by GitHub
parent 6d87a4065a
commit bd74e7c988
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
SECURITY.md Normal file
View File

@@ -0,0 +1,23 @@
# Security Policy
## Supported Versions
| Version | `socket.io` version | Supported |
|---------|---------------------|--------------------|
| 6.x | 4.x | :white_check_mark: |
| 4.x | 3.x | :white_check_mark: |
| 3.5.x | 2.4.x | :white_check_mark: |
| < 3.5.0 | < 2.4.0 | :x: |
## Reporting a Vulnerability
To report a security vulnerability in this package, please send an email to [@darrachequesne](https://github.com/darrachequesne) (see address in profile) describing the vulnerability and how to reproduce it.
We will get back to you as soon as possible and publish a fix if necessary.
:warning: IMPORTANT :warning: please do not create an issue in this repository, as attackers might take advantage of it. Thank you in advance for your responsible disclosure.
## History
- Jan 2022: [Uncaught exception in engine.io](https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f) (CVE-2022-21676)
- Nov 2022: [Uncaught exception in engine.io](https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w) (CVE-2022-41940)