From 24a1fcb845956e4abeb2a14015d29e4ecacd3336 Mon Sep 17 00:00:00 2001 From: Kovah Date: Thu, 15 Dec 2022 00:16:21 +0100 Subject: [PATCH] Add notice about bug bounties --- .github/workflows/test.yml | 2 +- SECURITY.md | 19 ++++++++++++++++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f2d35b02..adb21e2c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,7 +6,7 @@ on: jobs: test-js: - name: Test asset generation process on Node 16 LTS + name: Test asset generation process on Node 18 LTS runs-on: ubuntu-latest steps: diff --git a/SECURITY.md b/SECURITY.md index 2223b94e..ef36595e 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,9 +2,18 @@ ## Supported Versions -There is no warranty for the program, to the extent permitted by applicable law. Except when otherwise stated in writing the copyright holders and/or other parties provide the program "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction. +There is no warranty for the program, to the extent permitted by applicable law. Except when otherwise stated in +writing the copyright holders and/or other parties provide the program "as is" without warranty of any kind, +either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for +a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program +prove defective, you assume the cost of all necessary servicing, repair or correction. -In no event unless required by applicable law or agreed to in writing will any copyright holder, or any other party who modifies and/or conveys the program as permitted above, be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program (including but not limited to loss of data or data being rendered inaccurate or losses sustained by you or third parties or a failure of the program to operate with any other programs), even if such holder or other party has been advised of the possibility of such damages. 
+In no event unless required by applicable law or agreed to in writing will any copyright holder, or any other party who +modifies and/or conveys the program as permitted above, be liable to you for damages, including any general, special, +incidental or consequential damages arising out of the use or inability to use the program (including but not limited +to loss of data or data being rendered inaccurate or losses sustained by you or third parties or a failure of the +program to operate with any other programs), even if such holder or other party has been advised of the possibility +of such damages. | Version | Supported | | ------- | ------------------ | @@ -25,4 +34,8 @@ All dependencies are updated regularly, security fixes for those dependencies ar If you discover a security vulnerability, please contact me directly via `contact [at] linkace [dot] org`. Those vulnerabilities are addressed as fast as possible. -At the moment, there is no bug bounty program active. +### Bug Bounties + +The LinkAce project offers bug bounties for finding critical security vulnerabilities. Bounties are paid from the funds +available in the [Open Collective account](https://opencollective.com/linkace). Please notice that the actual paid +amounts are subject to negotiation and depend on the severity of the vulnerability.
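Review bot: In .github/workflows/test.yml, only the job `name:` line changes, to "Test asset generation process on Node 18 LTS", and the diffstat shows a single changed line in that file, so no step that selects the Node version is touched by this patch. If such a step still pins 16, the job label will misreport what CI actually runs; update the version setting in the same change, or confirm it already specifies 18. The rename is also unrelated to the subject "Add notice about bug bounties" and would be easier to trace as its own commit.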
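Review bot: In the new "### Bug Bounties" section of SECURITY.md, "critical security vulnerabilities" is left undefined and the payout is described only as "subject to negotiation", so a reporter cannot tell from this text whether a finding qualifies. Suggest stating how severity is judged, whether only the versions marked as supported in the table above are in scope, and that bounty reports go through the same `contact [at] linkace [dot] org` address given in the preceding paragraph. Minor wording: "Please notice that" should read "Please note that".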