We take the security of Holo very seriously. This document outlines our security policy and procedures for reporting vulnerabilities.
The Holo project follows the SemVer versioning scheme. The latest major release is the only one that is actively maintained.
Your help in keeping Holo Routing secure is greatly appreciated! If you believe you've found a security vulnerability, we kindly ask you to report it to us privately.
Please DO NOT report vulnerabilities through public GitHub issues or pull requests.
Instead, please use GitHub's private vulnerability reporting feature:
- Navigate to our dedicated "Report a vulnerability" page.
- Follow the instructions to submit your report.
You can find more detailed information about this private reporting process in GitHub's official documentation: "Privately reporting a security vulnerability".
Once you submit a report:
- Our team will triage your submission promptly to understand the nature and severity of the vulnerability.
- We'll keep you informed about our progress. We might ask for more details or steps to reproduce the issue within the private advisory comments.
- We commit to working with you to understand and resolve the vulnerability.
- If your reported vulnerability leads to a security fix, we'll gladly credit you in the security advisory once it's publicly disclosed, unless you prefer to remain anonymous.