Created SECURITY.MD file containing security policy

2025-04-16 02:26:25 +02:00 · 2021-09-06 20:01:22 +02:00 · 2021-09-06 20:01:22 +02:00 · b1dbd1744d
commit b1dbd1744d
parent 5c355d57a3
1 changed files with 35 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,35 @@
+# Security Policy
+
+This document outlines the Security Policy for e107:
+
+  * [Supported Versions](#supported-versions)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Supported Versions
+
+We release patches for security vulnerabilities in e107 from v2.0.0 onwards. The latest available version can be found in [Releases](https://github.com/e107inc/e107/releases). 
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x.x   | :white_check_mark: |
+| < 1.0.4   | :x:              |
+
+## Disclosure Policy
+
+The e107 team and community takes all security related reports seriously. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your
+contributions. 
+
+**Please submit your security reports by emailing security@e107.org**
+
+When the security team receives a security report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
+
+Please report security vulnerabilities in third-party plugins/themes to the person or team maintaining the plugin/theme.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a pull request.