mirror of
https://github.com/distribution/distribution.git
synced 2025-08-28 11:24:05 +00:00
05b308bc42
Bumps the go_modules group with 1 update in the / directory: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt). Updates `github.com/golang-jwt/jwt/v5` from 5.2.1 to 5.2.2 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v5 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
20 lines
904 B
Markdown
20 lines
904 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
As of November 2024 (and until this document is updated), the latest version `v5` is supported. In critical cases, we might supply back-ported patches for `v4`.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you think you found a vulnerability, and even if you are not sure, please report it a [GitHub Security Advisory](https://github.com/golang-jwt/jwt/security/advisories/new). Please try be explicit, describe steps to reproduce the security issue with code example(s).
|
|
|
|
You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
|
|
|
|
## Public Discussions
|
|
|
|
Please avoid publicly discussing a potential security vulnerability.
|
|
|
|
Let's take this offline and find a solution first, this limits the potential impact as much as possible.
|
|
|
|
We appreciate your help!
|