authelia/SECURITY.md

33 lines
1.6 KiB
Markdown

# Security
Authelia takes security very seriously. We follow the rule of
[responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure), and we
encourage the community to as well.
If you discover a vulnerability in Authelia, please first contact one of the maintainers privately
either via [Matrix](#matrix) or [email](#email) as described in the [contact options](#contact-options) below.
For details about security measures implemented in Authelia, please follow
this [link](https://www.authelia.com/docs/security/measures.html) and for reading about
the threat model follow this [link](https://www.authelia.com/docs/security/threat-model.html).
## Contact Options
### Matrix
Join the [Matrix Room](https://riot.im/app/#/room/#authelia:matrix.org) and locate one of the maintainers.
You can identify them as they are the room administrators. Alternatively you can just ask for one of the
maintainers. Once you've made contact we ask you privately message the maintainer to communicate the vulnerability.
### Discord
Join the [Discord Server](https://discord.authelia.com) and message the
[#support](https://discord.com/channels/707844280412012608/707844280412012612) chat which links to [Matrix](#matrix)
and contact a maintainer.
### Email
You can contact any of the maintainers for security vulnerability related issues by emailing
[security@authelia.com](mailto:security@authelia.com). This email is strictly reserved for security and vulnerability
disclosure related matters. If you need to contact us for another reason please use [Matrix](#matrix) or
[team@authelia.com](mailto:team@authelia.com).