Skip to content

Latest commit

 

History

History
39 lines (22 loc) · 2.33 KB

SECURITY.md

File metadata and controls

39 lines (22 loc) · 2.33 KB

Security Policy

Supported Versions

We actively support the following versions of the Ansible role. If you are using an older version, please consider upgrading to receive the latest security updates and improvements.

Version Supported
x.y.z
a.b.c
< a.b.c

Reporting a Vulnerability

If you discover a security vulnerability in this Ansible role, we appreciate your help in disclosing it to us in a responsible manner. Please follow the steps below:

  1. Do not report vulnerabilities in public GitHub issues. Instead, send an email to [SECURITY_CONTACT_EMAIL]. Use a descriptive subject line such as "Security Vulnerability in [Ansible Role Name]".

  2. Provide as much detail as possible about the vulnerability. Include details on how to reproduce the issue, the potential impact, and any suggestions you may have for fixing the issue.

  3. We will acknowledge receipt of your report within 2 business days and begin an investigation. We will work with you to understand the issue and address it as quickly as possible.

  4. Security patches will be released as part of the regular update process. We will inform you of the outcome of our investigation and the timeline for a fix.

  5. To protect users, we will keep details of the vulnerability private until a fix is released. Once the vulnerability is fixed, we will publicly acknowledge your contribution unless you prefer to remain anonymous.

Security Best Practices

To help ensure the security of your deployments, we recommend the following best practices when using this Ansible role:

  • Keep your dependencies up-to-date: Regularly update Ansible and other dependencies to their latest versions to ensure you have the latest security patches.

  • Review the role's configuration: Ensure that the variables and configurations you use with the role are secure and do not expose sensitive information.

  • Test changes in a safe environment: Before deploying changes to production, test them in a staging environment to ensure they do not introduce security vulnerabilities.

Thank You

We appreciate your efforts to help keep this project secure and to protect the community's systems. Your contributions are vital to the success of this project and its users.