mirror of
https://github.com/e107inc/e107.git
synced 2025-01-17 12:48:24 +01:00
35 lines
1.5 KiB
Markdown
35 lines
1.5 KiB
Markdown
# Security Policy
|
|
|
|
This document outlines the Security Policy for e107:
|
|
|
|
* [Supported Versions](#supported-versions)
|
|
* [Disclosure Policy](#disclosure-policy)
|
|
* [Comments on this Policy](#comments-on-this-policy)
|
|
|
|
## Supported Versions
|
|
|
|
We release patches for security vulnerabilities in e107 from v2.0.0 onwards. The latest available version can be found in [Releases](https://github.com/e107inc/e107/releases).
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 2.x.x | :white_check_mark: |
|
|
| < 1.0.4 | :x: |
|
|
|
|
## Disclosure Policy
|
|
|
|
The e107 team and community takes all security related reports seriously. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
|
|
|
|
**Please submit your security reports by emailing security@e107.org**
|
|
|
|
When the security team receives a security report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
|
|
|
|
* Confirm the problem and determine the affected versions.
|
|
* Audit code to find any potential similar problems.
|
|
* Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
|
|
|
|
Please report security vulnerabilities in third-party plugins/themes to the person or team maintaining the plugin/theme.
|
|
|
|
## Comments on this Policy
|
|
|
|
If you have suggestions on how this process could be improved please submit a pull request.
|