Skip to content

Security: Ericsson/exchangecalendar

SECURITY.md

Security Policy

If you believe you have found a security vulnerability in an Ericsson-managed repository, please report it to us as described below.

Reporting a vulnerability

Please do not open a public issue, pull request, or discussion for a security problem.

Instead, use the "Report a vulnerability" button on this repository's Security tab. This keeps the report private, lets us collaborate with you on a draft advisory, and supports private patch development.

What to include

  • Affected project, component, and version(s)
  • Environment (OS, architecture, platform, configuration)
  • Reproduction steps; proof-of-concept or screenshots if available
  • Impact and how the issue could be exploited
  • Any embargo/disclosure timing you would like us to honor
  • Whether and how you wish to be credited

Supported Versions

The default policy for projects hosted on Ericsson's GitHub organization is to support security updates for the latest release. Some projects may have a different policy in place, as described in their dedicated SECURITY.MD file.

There aren't any published security advisories