Skip to content

Security: orca-services/nova-api-php

SECURITY.md

Security Policy

Supported Versions

We generally support fixing security issues in all sensible releases. We may decide not to fix them in very old releases, though.

Reporting a Vulnerability

If you’ve found a security issue in one of our packages, please send us an email to development [at] orca.ch instead of using the normal bug reporting system or any other form of notification.

Once we receive a vulnerability report, we first confirm to the reporter that we simply received the report.

Next, for each report, we try to confirm the vulnerability. Once confirmed, we will do the following:

  • Acknowledge to the reporter that we’ve confirmed the issue, and are working on a fix. We ask the reporter to keep the issue confidential until we announce a solution.
  • Get a fix/patch or workaround/guidance prepared.
  • Release new versions of all affected versions, if applicable.
  • Prominently feature the problem in the release description, if applicable.

There aren’t any published security advisories