Skip to content

Security: hummingbird-project/hummingbird

SECURITY.md

Security Policy

Supported Versions

Currently we support versions 1.x.x and above of Hummingbird. These will receive security updates as and when needed.

Reporting a Vulnerability

If you believe you have found a security vulnerability in Hummingbird or any of its related repositories please do not post this in a public forum, do not create a GitHub Issue. Instead you should email [email protected] with details of the issue.

What happens next?

  • A member of the team will acknowledge receipt of the report within 5 working days. This may include a request for additional information about reproducing the vulnerability.
  • We will privately inform the Swift Server Work Group (SSWG) of the vulnerability within 10 days of the report as per their security guidelines.
  • Once we have identified a fix we may ask you to validate it. We aim to do this within 30 days, but this may not always be possible.
  • We will decide on a planned release date and let you know when it is.
  • Once the fix has been released we will publish a security advisory on GitHub and the SSWG will announce the vulnerability on the Swift forums.

There aren’t any published security advisories