File: SECURITY.md

libnet-oauth-perl 0.31-1

This is the Security Policy for the Perl distribution Net-OAuth.

The latest version of this Security Policy can be found in the
Git Repository for [Net-OAuth](https://github.com/keeth/Net-OAuth).

This text is based on the CPAN Security Group's
[Guidelines for Adding a Security Policy to Perl Distributions](https://security.metacpan.org/docs/guides/security-policy-for-authors.html)
(version 1.2.0).

# How to Report a Security Vulnerability

Security vulnerabilities can be reported using this project's GitHub
[Security Advisories](https://github.com/keeth/Net-OAuth/security/advisories).

Please include as many details as possible, including code samples
or test cases, so that we can reproduce the issue.  Check that your
report does not expose any sensitive data, such as passwords,
tokens, or personal information.

If you would like any help with triaging the issue, or if the issue
is being actively exploited, please copy the report to the CPAN
Security Group (CPANSec) at <cpan-security@security.metacpan.org>.

Please *do not* use the public issue reporting system on RT or
GitHub issues for reporting security vulnerabilities.

Please do not disclose the security vulnerability in public forums
until any proposed date for public disclosure has passed, or until it
has been made public by the maintainers or CPANSec.  That includes
patches or pull requests.

For more information, see
[Report a Security Issue](https://security.metacpan.org/docs/report.html)
on the CPANSec website.

## Response to Reports

The maintainer(s) aim to acknowledge your security report as soon as
possible.  However, this project is maintained by a small group of
volunteers in their spare time, and they cannot guarantee a rapid
response.  If you have not received a response from them within a
week, then please send a reminder to them and copy the report to
CPANSec at <cpan-security@security.metacpan.org>.

Please note that the initial response to your report will be an
acknowledgement, with a possible query for more information.  It
will not necessarily include any fixes for the issue.

The project maintainer(s) may forward this issue to the security
contacts for other projects where they believe it is relevant.  This
may include embedded libraries, system libraries, prerequisite
modules or downstream software that uses this software.

They may also forward this issue to CPANSec.

# What Software this Policy Applies to

Any security vulnerabilities in Net-OAuth are covered by this policy.

A security vulnerability is considered to be anything that allows users
to execute unauthorised code, access unauthorised resources, or
have an adverse impact on the accessibility or performance of a system.

Security vulnerabilities in upstream software (embedded libraries,
prerequisite modules or system libraries, or in Perl) are not covered
by this policy unless they affect Net-OAuth, or Net-OAuth can be used
to exploit vulnerabilities in them.

Security vulnerabilities in downstream software (any software that
uses Net-OAuth, or plugins to it that are not included
with the Net-OAuth distribution) are not covered by
this policy.

## Which Versions of this Software are Supported?

The maintainer(s) will only commit to releasing security fixes for the
latest version of Net-OAuth.

# Installation and Usage Issues

Please see the module documentation for more information.