This document defines security reporting and handling for the Polly project.
To privately report a security vulnerability in Polly, please create a security advisory in this repository's Security tab.
- Navigate to the Security tab of this repository.
- Click on Advisories in the left sidebar.
- Click on the green Report a vulnerability button and follow the prompts and instructions. Please provide as much detail as possible.
Important
Please do not open public GitHub issues, pull requests or discussions for anything you think might have a security implication.
Please allow up to 7 days for an initial response from a maintainer. If you do not receive a response within that time, please follow up by commenting on the advisory. You can also reach out to the maintainers via a Direct Message in the Polly Slack Community.
A maintainer may respond in a shorter time frame than stated above, but the maintainers may not be in your time zone, may be on holiday/vacation, or may be otherwise unavailable, so please be patient. We take any vulnerability reports we receive seriously.
Tip
Further details on how to privately report a vulnerability using GitHub can be found in the GitHub documentation.
Note
Information about how we handle security incidents can be found in our Incident Response Plan.