view release on metacpan or  search on metacpan

SECURITY.md  view on Meta::CPAN

# Security Policy for the Apache-Session-Generate-Random distribution.

Report security issues via the project
[Security Advisories](https://github.com/robrwo/perl-Apache-Session-Generate-Random/security/advisories).

This is the Security Policy for Apache-Session-Generate-Random.

The latest version of the Security Policy can be found in the
[git repository for Apache-Session-Generate-Random](https://github.com/robrwo/perl-Apache-Session-Generate-Random).

This text is based on the CPAN Security Group's Guidelines for Adding
a Security Policy to Perl Distributions (version 1.3.0)
https://security.metacpan.org/docs/guides/security-policy-for-authors.html

# How to Report a Security Vulnerability

Security vulnerabilities can be reported to the current Apache-Session-Generate-Random
maintainers via the project
[Security Advisories](https://github.com/robrwo/perl-Apache-Session-Generate-Random/security/advisories).

Please include as many details as possible, including code samples
or test cases, so that we can reproduce the issue.  Check that your
report does not expose any sensitive data, such as passwords,
tokens, or personal information.

If you would like any help with triaging the issue, or if the issue
is being actively exploited, please copy the report to the CPAN
Security Group (CPANSec) at <cpan-security@security.metacpan.org>.

Please *do not* use the public issue reporting system on RT or
GitHub issues for reporting security vulnerabilities.

Please do not disclose the security vulnerability in public forums
until past any proposed date for public disclosure, or it has been
made public by the maintainers or CPANSec.  That includes patches or
pull requests.

For more information, see
[Report a Security Issue](https://security.metacpan.org/docs/report.html)
on the CPANSec website.

## Response to Reports

The maintainer(s) aim to acknowledge your security report as soon as
possible.  However, this project is maintained by a single person in
their spare time, and they cannot guarantee a rapid response.  If you
have not received a response from them within two weeks, then
please send a reminder to them and copy the report to CPANSec at
<cpan-security@security.metacpan.org>.

Please note that the initial response to your report will be an
acknowledgement, with a possible query for more information.  It
will not necessarily include any fixes for the issue.

The project maintainer(s) may forward this issue to the security
contacts for other projects where we believe it is relevant.  This
may include embedded libraries, system libraries, prerequisite
modules or downstream software that uses this software.

They may also forward this issue to CPANSec.

# Which Software This Policy Applies To

Any security vulnerabilities in Apache-Session-Generate-Random are covered by this policy.

Security vulnerabilities in versions of any libraries that are
included in Apache-Session-Generate-Random are also covered by this policy.

Security vulnerabilities are considered anything that allows users
to execute unauthorised code, access unauthorised resources, or to
have an adverse impact on accessibility or performance of a system.

Security vulnerabilities in upstream software (prerequisite modules
or system libraries, or in Perl), are not covered by this policy
unless they affect Apache-Session-Generate-Random, or Apache-Session-Generate-Random can
be used to exploit vulnerabilities in them.

Security vulnerabilities in downstream software (any software that
uses Apache-Session-Generate-Random, or plugins to it that are not included with the
Apache-Session-Generate-Random distribution) are not covered by this policy.

## Supported Versions of Apache-Session-Generate-Random