Skip to content

Commit

Permalink
Adding security page to the docs
Browse files Browse the repository at this point in the history
  • Loading branch information
knsv committed Dec 28, 2021
1 parent f4c335a commit 65592e0
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 5 deletions.
11 changes: 6 additions & 5 deletions docs/_sidebar.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
- 📔 Introduction
- 📔 Introduction

- [About Mermaid](README.md)
- [Deployment](n00b-gettingStarted.md)
- [Syntax and Configuration](n00b-syntaxReference.md)

- 📊 Diagram Syntax
- 📊 Diagram Syntax
- [Flowchart](flowchart.md)
- [Sequence diagram](sequenceDiagram.md)
- [Class Diagram](classDiagram.md)
Expand All @@ -16,7 +16,7 @@
- [Requirement Diagram](requirementDiagram.md)
- [Other Examples](examples.md)

- ⚙️ Deployment and Configuration
- ⚙️ Deployment and Configuration

- [Tutorials](Tutorials.md)
- [API-Usage](usage.md)
Expand All @@ -26,12 +26,13 @@
- [Mermaid CLI](mermaidCLI.md)
- [Advanced usage](n00b-advanced.md)

- 📚 Misc
- 📚 Misc
- [Use-Cases and Integrations](integrations.md)
- [FAQ](faq.md)

- 🙌 Contributions and Community
- 🙌 Contributions and Community
- [Overview for Beginners](n00b-overview.md)
- [Development and Contribution ](development.md)
- [Changelog](CHANGELOG.md)
- [Adding Diagrams ](newDiagram.md)
- [Security ](security.md)
17 changes: 17 additions & 0 deletions docs/security.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Security
The Mermaid team takes the security of Mermaid and the applications that use Mermaid seriously. This page describes how to report any vulnerabilities you may find, and lists best practices to minimize the risk of introducing a vulnerability.

## Reporting vulnerabilities
To report a vulnerability, please e-mail [email protected] with a description of the issue, the steps you took to create the issue, affected versions, and if known, mitigations for the issue.

We aim to reply within three working days, probably much sooner.

You should expect a close collaboration as we work to resolve the issue you have reported. Please reach out to [email protected] again if you do not receive prompt attention and regular updates.

You may also reach out to the team via our public Slack chat channels; however, please make sure to e-mail [email protected] when reporting an issue, and avoid revealing information about vulnerabilities in public as that could that could put users at risk.

## Best practices

Keep current with the latest Mermaid releases. We regularly update Mermaid, and these updates may fix security defects discovered in previous versions. Check the Mermaid release notes for security-related updates.

Keep your application’s dependencies up to date. Make sure you upgrade your package dependencies to keep the dependencies up to date. Avoid pinning to specific versions for your dependencies and, if you do, make sure you check periodically to see if your dependencies have had security updates, and update the pin accordingly.

0 comments on commit 65592e0

Please sign in to comment.