Skip to content

Security: Kit/convertkit-wordpress

SECURITY.md

Security Policy

This security policy applies to public projects under the Kit organization on GitHub.

Reporting a Vulnerability

If you discover a security vulnerability, please report via any of the below:

Please do not report security issues publicly via GitHub issues or discussions. Security reports sent via the above channels be acknowledged within 48 hours.

Security Disclosure Process

When reporting a security vulnerability, please include:

  1. Description - A clear description of the vulnerability
  2. Impact - What kind of vulnerability it is and who it impacts
  3. Reproduction - Detailed steps to reproduce the issue
  4. Proof of Concept - If applicable, include proof-of-concept code
  5. Suggested Fix - If you have ideas for how to fix the issue

Security Response Timeline

  • Initial Response: Within 48 hours of receiving the report
  • Investigation: We will investigate and validate the reported vulnerability
  • Fix Development: Development of a patch or mitigation strategy
  • Release: Coordinated disclosure and release of security update
  • Public Disclosure: After users have had time to upgrade

There aren't any published security advisories