mirror of
https://github.com/kovidgoyal/calibre.git
synced 2025-10-21 05:50:30 -04:00
22 lines
883 B
Markdown
22 lines
883 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
There are no security specific releases of calibre. Security bugs are fixed
|
|
and released just like all other bugs.
|
|
|
|
## Reporting a vulnerability
|
|
|
|
To report security vulnerabilities, open a normal bug report in the
|
|
[calibre bug tracker](https://calibre-ebook.com/bugs) and mark it private.
|
|
|
|
Additionally, you can use GitHub Private security advisories against this
|
|
repository to report issues.
|
|
|
|
Note that I will generally respond to security communication within 72 hours. Once
|
|
the bug is confirmed, it will be fixed or at least mitigated within another 72
|
|
hours, at which time the fix will typically be committed to master and hence be
|
|
public. That timeline might be extended based on the severity of the issue and the
|
|
current state of master in terms of making a new release, if so, it will be
|
|
done in consultation with the issue reporter.
|