fsSize Command Injection Vulnerability
Affected versions:
- < 5.23.14
+ < 5.27.14
Date: 2025-12-16
- CVE indentifier CVE-???
+ CVE indentifier CVE-2025-68154
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..c083170 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,35 @@ +# Security Policies and Procedures + +## Reporting a Bug + +We take all security bugs in systeminformation seriously. +Thank you for improving the security of systeminformation. We appreciate your efforts and +responsible disclosure and will make every effort to acknowledge your +contributions. + +To ensure the timely response to your report, please ensure that the entirety +of the report is contained, when reporting a security issue. + +Report security bugs in third-party modules to the person or team maintaining +the module. + +## Pre-release Versions + +Alpha and Beta releases are unstable and **not suitable for production use**. +Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section. +Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release. + +## Disclosure Policy + +When we will receiving a security bug report, we will coordinate the fix and release process, +involving the following steps: + + * Confirm the problem and determine the affected versions. + * Audit code to find any potential similar problems. + * Prepare fixes for all releases still under maintenance. These fixes will be + released as fast as possible to npm. + +## Comments on this Policy + +If you have suggestions on how this process could be improved please submit a +pull request. diff --git a/docs/security.html b/docs/security.html index 6964f26..99476ab 100644 --- a/docs/security.html +++ b/docs/security.html @@ -46,9 +46,9 @@
Affected versions:
- < 5.23.14
+ < 5.27.14
Date: 2025-12-16
- CVE indentifier CVE-???
+ CVE indentifier CVE-2025-68154
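Review bot: In the new SECURITY.md, the "Reporting a Bug" section never says where a report should be sent. It asks that "the entirety of the report is contained" but gives no e-mail address, private advisory link or other channel, so a reporter's only obvious option is a public issue. Add the private reporting channel to that section. Two wording points in the same file: "When we will receiving a security bug report" should read "When we receive a security bug report", and the Disclosure Policy steps end at releasing fixes to npm without saying when the advisory or CVE is published.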
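Review bot: In the docs/security.html hunk, the added line "+ CVE indentifier CVE-2025-68154" carries over the "indentifier" misspelling from the line it replaces. Since the line is being touched anyway, correct it to "identifier". The same hunk moves the affected range from "< 5.23.14" to "< 5.27.14", which changes which installs the advisory covers. The commit message should state that this corrects the earlier bound, and any other place that repeats the range should be checked against it.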