33 lines
1.5 KiB
Markdown
33 lines
1.5 KiB
Markdown
# Security Policy
|
|
|
|
The FreeCAD project is a FOSS (Free and Open-Source Software) project that has a community of thousands of users and
|
|
hundreds of developers worldwide. We encourage responsible reporting of security vulnerabilities that may affect users
|
|
of this software, and will endeavor to address these vulnerabilities when they are discovered.
|
|
|
|
## Bounties
|
|
|
|
FreeCAD does not have a program to pay bounties for security bugs. If you discover a vulnerability that affects a part
|
|
of the FreeCAD project (either directly in FreeCAD, in a library it depends on, or in any of the various other
|
|
subprojects such as our website, forums, etc.) we ask you to join the large community of volunteer contributors and
|
|
file a report about the issue.
|
|
|
|
Note that funds may be available from the [FreeCAD Project Association (FPA)](https://fpa.freecad.org) to pursue
|
|
security research and/or the development of fixes to any vulnerabilities discovered. However, vulnerabilities held as
|
|
hostage in demands for "bounties" will not be entertained. Contact the FPA at fpa@freecad.org for more information.
|
|
|
|
## Supported Versions
|
|
|
|
FreeCAD implements security fixes to the current release series, and to the current development on the main branch.
|
|
|
|
| Version | Supported |
|
|
|---------| ------------------ |
|
|
| 1.1dev | :white_check_mark: |
|
|
| 1.0 | :white_check_mark: |
|
|
| < 1.0 | :x: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
To report a vulnerability use GitHub's security reporting tool:
|
|
https://github.com/FreeCAD/FreeCAD/security/advisories/new
|
|
|