diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 41ba294f6d..9fee14807e 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -55,11 +55,12 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting Dan Buch at dan@meatballhat.com. All complaints will be -reviewed and investigated and will result in a response that is deemed necessary -and appropriate to the circumstances. The project team is obligated to maintain -confidentiality with regard to the reporter of an incident. Further details of -specific enforcement policies may be posted separately. +reported by contacting urfave-governance@googlegroups.com, a members-only group +that is world-postable. All complaints will be reviewed and investigated and +will result in a response that is deemed necessary and appropriate to the +circumstances. The project team is obligated to maintain confidentiality with +regard to the reporter of an incident. Further details of specific enforcement +policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 0000000000..8af4ce4da9 --- /dev/null +++ b/docs/SECURITY.md @@ -0,0 +1,27 @@ +# Security Policy + +Hello and thank you for your interest in the `urfave/cli` security +policy! :tada: :lock: + +## Supported Versions + +| Version | Supported | +| ------------ | ------------------------------------- | +| `>= v2.3.x` | :white_check_mark: | +| `< v2.3` | :x: | +| `>= v1.22.x` | :white_check_mark: :lady_beetle: [^1] | +| `< v1.22` | :x: | + +## Reporting a Vulnerability + +Please disclose any vulnerabilities by sending an email to: + +[urfave-security@googlegroups.com](mailto:urfave-security@googlegroups.com) + +You should expect a response within 48 hours and further +communications to be decided via email. The `urfave/cli` maintainer +team comprises volunteers who contribute when possible, so please +have patience :bow: + +[^1]: The `v1.22.x` series will receive bug fixes and security + patches only.