mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-17 19:21:29 +03:00
Code Activity
Files
85132ffba1a77609ea5d101c8a413dea7174932f
axios/SECURITY.md
T
Jay cb7b9ade1b docs: update secuirty threat model (#10715) 
* docs: added threat model

* chore: added threat model
2026-04-14 19:05:26 +02:00

38 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Security Policy
## Supported Versions
The following versions will receive security updates promptly based on the maintainers' discretion.
| Version | Supported |
| ------- | ------------------ |
| 0.x.x | :white_check_mark: |
| 1.x.x | :white_check_mark: |
## Threat Model
For a detailed analysis of the runtime attack surface and the project's supply-chain / development-environment security posture, see [THREATMODEL.md](THREATMODEL.md). Researchers are encouraged to read it before reporting — it documents what is in scope, what is an explicit non-goal, and where we already know the gaps are.
## Reporting a Vulnerability
If you believe you have found a security vulnerability in the project, please report it to us as described below. We take all security vulnerabilities seriously. If you have found a vulnerability in a third-party library, please report it to the maintainers of that library.
## Reporting Process
Please do not report security vulnerabilities through public GitHub issues. Please use the official security channel on GitHub by logging a [security advisory](https://github.com/axios/axios/security).
## Disclosure Policy
When we receive a security vulnerability report, we will assign it a primary handler. This person is responsible for the vulnerability report. The handler will confirm the problem and determine the affected versions. The handler will then evaluate the problem and determine the severity of the issue. The handler will develop a fix for the problem and prepare a release. The handler will notify the reporter when the fix is ready to be announced.
## Security Updates
Security updates will be released as soon as possible after the patch has been developed and tested. We will notify users of the release via the projects GitHub repository. We will also publish the release notes and security advisories on the projects GitHub releases page. We will also deprecate all versions that contain the security vulnerability.
## Security Partners and Acknowledgements
We would like to thank the following security researchers for working with us to help make the project safe for everyone:
- [Socket Dev](https://socket.dev/)
- [GitHub Security Lab](https://securitylab.github.com/)
View Git Blame Copy Permalink