From 0231d65686fa9d8e93c7c21619a932df2e8cfd7b Mon Sep 17 00:00:00 2001 From: Tomy Busbiba Ratoshnik Date: Wed, 3 Jun 2026 12:58:10 +0300 Subject: [PATCH] DVL-9884: add SECURITY.md Adds a Security Policy directing vulnerability reports to security@apono.io. Resolves the OX "Security Policy file missing" finding for this repository. Co-Authored-By: Claude Opus 4.8 (1M context) --- SECURITY.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..d2c93e307 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,28 @@ +# Security Policy + +## Reporting a Vulnerability + +If you believe you have found a security vulnerability in `session-manager-plugin`, please report +it to us privately. **Do not open a public GitHub issue, pull request, or discussion +for security reports.** + +Email **security@apono.io** with the details. Where possible, please include: + +- A description of the vulnerability and its potential impact. +- Steps to reproduce, or a proof of concept. +- The affected version, commit, or configuration. +- Any suggested remediation, if you have one. + +We will work with you to understand and resolve the issue. We ask that you give us a +reasonable opportunity to investigate and release a fix before any public disclosure, +and that you avoid accessing or modifying data that is not your own while researching. + +## Supported Versions + +Security fixes are applied to the latest released version of `session-manager-plugin`. We recommend +always running the most recent release. + +## Disclosure + +We follow a coordinated disclosure process and will credit reporters who wish to be +acknowledged once a fix is available.
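Review bot: The "Reporting a Vulnerability" section sets no response expectations: "We will work with you to understand and resolve the issue" and "a reasonable opportunity to investigate and release a fix" leave both the acknowledgment time and the disclosure window undefined. Consider stating a concrete acknowledgment target and an embargo period, so a reporter knows when to expect a reply and when public disclosure is acceptable. The same section offers plain email to security@apono.io as the only channel. If the repository has GitHub private vulnerability reporting enabled, or the team publishes a PGP key, name it here so proof-of-concept details need not travel in cleartext mail. In "Supported Versions", "the latest released version" should say explicitly whether older releases receive backported fixes or none at all.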