35 lines
1.4 KiB
Markdown
35 lines
1.4 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions of TrueNAS SCALE
|
|
|
|
Our focus will always be on the latest version of TrueNAS SCALE.
|
|
However: We might provide extended support to older versions of TrueNAS SCALE as depicted in our Support Policy
|
|
|
|
|
|
## CVE's and you
|
|
|
|
As depicted in our guidelines, we do NOT accept containers and/or Apps with known `high` or `critical` CVE's present. Unless those CVE's have been thoroughly mitigated and said mitigation has been both desclosed and thoroughly reviewed.
|
|
|
|
|
|
## Response timeframe
|
|
|
|
The safety of our users is our prime concerns. We therefore aim to respond to any issues within 24 hours.
|
|
|
|
Though we hope that such situations will never happen, we will, in the most dire of circumstances, not hesitate with agressive responses to fix issues. This includes completely locking down/removing certain Apps or portions of the project from being installed.
|
|
|
|
|
|
## Compliance
|
|
|
|
As project owner is located in the Netherlands, we need to comply to all legal requirements and lawfull orders from the Government of the Netherlands.
|
|
|
|
**As of Today we have not recieved any data requests from the Dutch Government, that we are forbiden to make public. **
|
|
|
|
We are required to be fully GDPR compliant and fall under the sole authority of the Dutch Privacy Authority when it comes to GDPR compliance.
|
|
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you find any security issue, please email the project directly:
|
|
info@truecharts.org
|