mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-22 01:36:29 -05:00
Add security note to repository
In order to simplify the communication with security researchers and allow reporting of issues, this document should provide a rough idea about:

1. What versions are supported
2. Who to contact
3. How to send findings properly secured
4. What to expect from an approved security issue
5. What if it's not considered a security issue

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
c6e4f3757e
commit
42d42d5b6f
1 changed files with 32 additions and 0 deletions
32
SECURITY.md
Normal file
|
@ -0,0 +1,32 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Only the latest release of CodiMD is supported. We don't have the
|
||||
ressources to maintain multiple versions.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you find a vulnerability for [this repository](https://github.com/codimd/server), please report it to
|
||||
[@SISheogorath](https://github.com/SISheogorath).
|
||||
|
||||
Please report your findings OpenPGP encrypted. If you are not aware of
|
||||
how to use OpenPGP, please refer to [@SISheogorath's OpenPGP page](https://shivering-isles.com/pgpme),
|
||||
which will take care of the encryption for you.
|
||||
|
||||
We'll get back to you as soon as possible. You can expect an answer within
|
||||
3 days, in rare cases within a month. If you don't get a reply within a month,
|
||||
please reach out for other contact addresses in the [community chat](https://riot.im/app/#/room/#codimd:matrix.org).
|
||||
|
||||
When your findings are accepted as a security issue, we'll work an a fix or
|
||||
at least a workaround for the next release. With the release that contained
|
||||
the fix, we want to encurage you to publish your findings as you like.
|
||||
|
||||
We'll also credit you in the release notes.
|
||||
|
||||
When your findings are not accepted as a security issue, feel free to write
|
||||
a fix yourself and contribute it to CodiMD, as well as publish them as you
|
||||
like and allow people to make in informed decision about using CodiMD.
|
||||
|
||||
If you have any further questions, feel free to reach out to the
|
||||
[community chat](https://riot.im/app/#/room/#codimd:matrix.org) or the mentioned contacts above.
|
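Review bot: Under "Reporting a Vulnerability", the only contact given is a GitHub profile link, and neither an e-mail address nor an OpenPGP key fingerprint appears in the file, so a reporter cannot tell from SECURITY.md alone where an encrypted report should go or which key it should be encrypted to. Consider stating the address and the full key fingerprint inline, next to the link to the OpenPGP page, so the key can be checked without relying on that page. The same section names a single contact, and the fallback after a month is asking for other contact addresses in the public community chat; listing a second private contact in the file would spare the reporter that step. Spelling in the added text: "ressources" should be "resources", "work an a fix" should be "work on a fix", "encurage" should be "encourage", and "make in informed decision" should be "make an informed decision".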