This document outlines security procedures and general policies for the
flux-local-explorer project.
The flux-local-explorer maintainers take all security issues seriously. Thank
you for helping improve the security of this project.
flux-local-explorer uses GitHub's private vulnerability reporting for
security disclosures. To submit a report, use the repository's private
vulnerability reporting feature:
https://github.com/omnicate/flux-local-explorer/security/advisories/new
Include the following details when possible:
- a detailed description of the issue
- the steps required to reproduce it
- affected versions or commit ranges, if known
- any mitigations or workarounds
A maintainer should acknowledge the report within three business days and follow up with next steps as the issue is triaged.
If you cannot use GitHub private reporting or do not receive a response during that window, contact Cisco Open Security at oss-security@cisco.com.
When maintainers receive a disclosure report, they will:
- confirm the issue
- determine affected versions of the project
- audit for similar issues in related code paths
- prepare and validate a fix
- coordinate disclosure and release timing as needed
If you have suggestions for improving this process, open an issue or pull request.