{\rtf1\ansi\ansicpg1252\cocoartf2821 \cocoatextscaling1\cocoaplatform1{\fonttbl\f0\fnil\fcharset0 AvenirNext-Regular;\f1\fswiss\fcharset0 Helvetica;\f2\fnil\fcharset0 AvenirNext-Italic; \f3\fnil\fcharset0 AvenirNext-DemiBold;\f4\fnil\fcharset0 AvenirNext-DemiBoldItalic;} {\colortbl;\red255\green255\blue255;\red255\green181\blue0;\red170\green170\blue170;\red130\green130\blue130; \red38\green38\blue38;\red0\green103\blue175;} {*\expandedcolortbl;;\cssrgb\c100000\c71000\c0;\csgray\c66667\cname lightGrayColor;\csgray\c50980; \csgray\c15000;\cssrgb\c0\c40400\c68600;} \pard\tx0\tqr\tx9000\pardirnatural\partightenfactor0
\f0\fs38 \cf2 \uc0\u9675 \cf0 Security.md
\fs24 \cf3 20 Dec 2024
\f1 \cf0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
\cf4 \strike \strikec4 'a0 'a0\cf0 \strike0\striked0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\sl320\slleading40\sb180\pardirnatural\partightenfactor0
\f2\i\fs14 \cf5 \up6 20 Dec 2024 || 3:43 am
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\sl320\slleading40\sb180\pardirnatural\partightenfactor0
\f3\i0\b\fs22 \cf5 \up0 Artify-AI Security
\f1\b0\fs24 \cf0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
\cf4 \strike \strikec4 'a0 'a0\cf0 \strike0\striked0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\sl320\slleading40\sb180\pardirnatural\partightenfactor0
\f3\b\fs22 \cf5 Part 1 - Reporting a Vulnerability:
\pard\tx1440\tx2880\tx4320\tx5760\tx7200\tx8640\tx10080\tx11520\tx12960\tx14400\li1440\fi-320\sl320\slleading40\sb60\pardirnatural\partightenfactor0
\f0\b0\fs18 \cf5 1. \fs22 To report a security issue, please\'a0{\field{\*\fldinst{HYPERLINK "https://github.com/withastro/astro/security/advisories/new"}}{\fldrslt \cf6 open a security advisory}}\'a0on GitHub with a detailed description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.\
\fs18 2. \fs22 \cf5 Please remember to include everything required for us to reproduce the issue, including but not limited to a publicly accessible git repository and/or StackBlitz repository. \
\fs18 \cf5 3. \fs22 \cf5 All code samples shared with our Security team will be used only to verify and diagnose the issue and will not be publicly shared with anyone outside of Artify-AI\'92s teams. \
\fs18 \cf5 4. \fs22 \cf5 Artify-AI\'92s Security Team members may share information only within the Astro teams on a need-to-know basis to fix the related issue in Astro.\
\fs18 \cf5 5.
\fs22 \cf5 Our Security team will respond to the security advisory within three working days.
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
\f1\fs24 \cf0
\cf4 \strike \strikec4 'a0 'a0\cf0 \strike0\striked0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\li480\sl320\slleading40\sb180\pardirnatural\partightenfactor0
\f4\i\b\fs22 \cf5 If you think you've found a security issue, please DO NOT report, discuss, or describe
\f2\b0 it on Discord, GitHub, or any other public forum without prior contact with, and acknowledgment from, Astro's Security team.
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\li480\sl320\slleading40\sb180\pardirnatural\partightenfactor0
\cf5 > This project follows a 90-day disclosure timeline.
\f4\b Disclosing an issue publicly in this way is detrimental to the safety of all Artify-AI users. There are no exceptions to this rule.
\f2\b0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
\f1\i0\fs24 \cf0
\cf4 \strike \strikec4 'a0 'a0\cf0 \strike0\striked0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\sl320\slleading40\sb180\pardirnatural\partightenfactor0
\f3\b\fs22 \cf5 Part 2 - Embargo Policy:
\pard\tx960\tx1920\tx2880\tx3840\tx4800\tx5760\tx6720\tx7680\tx8640\tx9600\li960\fi-320\sl320\slleading40\sb60\pardirnatural\partightenfactor0
\f0\b0 \cf5 \'96 Members\'92 and others\'92 information received through participation in this group must not be made public, shared, or even hinted at otherwise, except with prior explicit approval (which shall be handled on a case-by-case basis). This holds until the agreed-upon public disclosure date/time has been reached.
\'96 \cf5 As a clarifying example, this policy forbids Artify-AI Security members from sharing list information with their employers unless prior arrangements have been made directly with an employer.
\cf5 \'96 \cf5 In the unfortunate event that you share information beyond what is allowed by this policy, you must urgently inform the Astro Security Team of exactly what information leaked and to whom, as well as the steps that will be taken to prevent future leaks.
\pard\tx960\tx1920\tx2880\tx3840\tx4800\tx5760\tx6720\tx7680\tx8640\tx9600\li960\fi-320\sl320\slleading40\sb60\pardirnatural\partightenfactor0
\cf5 '96
\f3\b Repeated offenses may lead to removal from the Security or Artify-AI team
\f0\b0 .
\f3\b
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
\f1\b0\fs24 \cf0
\cf4 \strike \strikec4 'a0 'a0\cf0 \strike0\striked0
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\sl320\slleading40\sb180\pardirnatural\partightenfactor0
\f3\b\fs22 \cf5
}