add contributing and security guidelines

2025-04-15 13:10:16 +03:00 · 2025-04-15 13:10:16 +03:00 · 75e4cfa0c4
commit 75e4cfa0c4
parent ce3337c46f
2 changed files with 77 additions and 0 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -0,0 +1,63 @@
+# Contribution Guidelines
+
+Table of Contents:
+
+<!-- vim-markdown-toc GFM -->
+
+* [Did you find a bug?](#did-you-find-a-bug)
+  * [Is it a Security Vulnerability?](#is-it-a-security-vulnerability)
+  * [Is it already a known issue?](#is-it-already-a-known-issue)
+  * [Reporting a Bug](#reporting-a-bug)
+  * [Is there a patch for the bug?](#is-there-a-patch-for-the-bug)
+* [Do you want to add a new feature?](#do-you-want-to-add-a-new-feature)
+  * [Is it just an idea?](#is-it-just-an-idea)
+  * [Is there a patch for the feature?](#is-there-a-patch-for-the-feature)
+* [Do you have questions about the Synapse Admin project or need guidance?](#do-you-have-questions-about-the-synapse-admin-project-or-need-guidance)
+
+<!-- vim-markdown-toc -->
+
+## Did you find a bug?
+
+### Is it a Security Vulnerability?
+
+Please follow the [Security Policy](https://github.com/etkecc/synapse-admin/blob/main/.github/SECURITY.md) for reporting
+security vulnerabilities.
+
+### Is it already a known issue?
+
+Please ensure the bug was not already reported by searching [the Issues section](https://github.com/etkecc/synapse-admin/issues).
+
+### Reporting a Bug
+
+If you think you have found a bug in Synapse Admin, it is not a security vulnerability, and it is not already reported,
+please open [a new issue](https://github.com/etkecc/synapse-admin/issues/new) with:
+    * A proper title and clear description of the problem.
+    * As much relevant information as possible:
+        * The version of Synapse Admin you are using.
+        * The version of Synapse you are using.
+        * Any relevant browser console logs, failed requests details, and error messages.
+
+### Is there a patch for the bug?
+
+If you already have a patch for the bug, please open a pull request with the patch,
+and mention the issue number in the pull request description.
+
+## Do you want to add a new feature?
+
+### Is it just an idea?
+
+Please open [a new issue](https://github.com/etkecc/synapse-admin/issues/new) with:
+    * A proper title and clear description of the requested feature.
+    * Any relevant information about the feature:
+        * Why do you think this feature is needed?
+        * How do you think it should work? (provide Synapse Admin API endpoint)
+        * Any relevant screenshots or mockups.
+
+### Is there a patch for the feature?
+
+If you already have a patch for the feature, please open a pull request with the patch,
+and mention the issue number in the pull request description.
+
+## Do you have questions about the Synapse Admin project or need guidance?
+
+Please use the official community Matrix room: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Only [the last published version](https://github.com/etkecc/synapse-admin/releases/latest) of the project is supported.
+This means that only the latest version will receive security updates.
+If you are using an older version, you are strongly encouraged to upgrade to the latest version.
+
+## Reporting a Vulnerability
+
+Please contact us using the [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc) Matrix room.
+The Synapse Admin project is a static JS UI for the Synapse server,
+so it is unlikely that there are (or will be) any impactful security vulnerabilities in the project itself.
+However, we do not rule out the possibility of such cases, so we will be happy to receive any reports!