This document outlines security procedures and general policies for the
graphql-to-karate project.
The graphql-to-karate team and community take all security bugs in
graphql-to-karate seriously. Thank you for improving the security of
graphql-to-karate. We appreciate your efforts and responsible disclosure and
will make every effort to acknowledge your contributions.
When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
- Confirm the problem and determine the affected versions.
- Audit code to find any potential similar problems.
- Prepare fixes for all releases still under maintenance. These fixes will be released as quickly as possible.
If you have suggestions on how this process could be improved please submit a pull request.