docs: add notes about reporting security issues (#4895)

Co-authored-by: Daniel Roe <daniel@roe.dev>
This commit is contained in:
pooya parsa 2022-06-17 10:00:37 +02:00 committed by GitHub
parent 9be0be2d68
commit 128b32a459
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

10
SECURITY.md Normal file
View File

@ -0,0 +1,10 @@
# Security Policy
## Reporting a Vulnerability
To report a vulnerability, please send an email to **security@nuxtjs.org** or submit it for a bounty via [Huntr](https://huntr.dev/bounties/disclose/?target=https://github.com/nuxt/framework).
All security vulnerabilities will be promptly verified and addressed.
While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Nuxt and other dependencies by maintaining lock files (`yarn.lock`, `package-lock.json` and `pnpm-lock.yaml`) in order to ensure your application remains as secure as possible.