mirror of
https://github.com/e107inc/e107.git
synced 2025-08-02 12:48:26 +02:00
Created SECURITY.MD file containing security policy
This commit is contained in:
35
SECURITY.md
Normal file
35
SECURITY.md
Normal file
@@ -0,0 +1,35 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
|
This document outlines the Security Policy for e107:
|
||||||
|
|
||||||
|
* [Supported Versions](#supported-versions)
|
||||||
|
* [Disclosure Policy](#disclosure-policy)
|
||||||
|
* [Comments on this Policy](#comments-on-this-policy)
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
We release patches for security vulnerabilities in e107 from v2.0.0 onwards. The latest available version can be found in [Releases](https://github.com/e107inc/e107/releases).
|
||||||
|
|
||||||
|
| Version | Supported |
|
||||||
|
| ------- | ------------------ |
|
||||||
|
| 2.x.x | :white_check_mark: |
|
||||||
|
| < 1.0.4 | :x: |
|
||||||
|
|
||||||
|
## Disclosure Policy
|
||||||
|
|
||||||
|
The e107 team and community takes all security related reports seriously. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your
|
||||||
|
contributions.
|
||||||
|
|
||||||
|
**Please submit your security reports by emailing security@e107.org**
|
||||||
|
|
||||||
|
When the security team receives a security report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
|
||||||
|
|
||||||
|
* Confirm the problem and determine the affected versions.
|
||||||
|
* Audit code to find any potential similar problems.
|
||||||
|
* Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
|
||||||
|
|
||||||
|
Please report security vulnerabilities in third-party plugins/themes to the person or team maintaining the plugin/theme.
|
||||||
|
|
||||||
|
## Comments on this Policy
|
||||||
|
|
||||||
|
If you have suggestions on how this process could be improved please submit a pull request.
|
Reference in New Issue
Block a user