If you think that you have found a security issue in Strata, please don't use the issue tracker and don't publish it publicly. Send urgent or sensitive reports directly to [email protected]
If you submit a report, here’s what will happen:
- We’ll acknowledge your report.
- We'll confirm the vulnerability and ask any follow up questions.
- The team will work on a fix.
- Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery.
Once a patch has been created we will:
- Publish a release for all maintained versions of Strata.
- Update the public security advisories database.
- While we are working on a patch, please do not reveal the issue publicly.
- The resolution takes anywhere between a couple of days to a month depending on its complexity.
This Security Issues policy is inspired by Basecamp security response and Symfony security issues.