diff options
| author | Sheogorath | 2019-09-10 12:27:13 +0200 |
|---|---|---|
| committer | Sheogorath | 2019-09-10 14:11:23 +0200 |
| commit | 42d42d5b6f8f0516f5cfa496f0d0e9778ab8633e (patch) | |
| tree | 22a5f12034db2dd8fefa7068b38218f048e3d008 /SECURITY.md | |
| parent | c6e4f3757e16e39f8f1f75c898eb20eb2eb9db4a (diff) | |
Add security note to repository
In order to simplify the communication with security researcher and
allow reporting of issues, this document should provide a rough idea
about:
1. What versions are supported
2. Who to contact
3. How to send findings properly secured
4. What to expect from an approved security issue
5. What if it's not considered a security issue
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
| -rw-r--r-- | SECURITY.md | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..3819d0af --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,32 @@ +# Security Policy + +## Supported Versions + +Only the latest release of CodiMD is supported. We don't have the +ressources to maintain multiple versions. + +## Reporting a Vulnerability + +If you find a vulnerability for [this repository](https://github.com/codimd/server), please report it to +[@SISheogorath](https://github.com/SISheogorath). + +Please report your findings OpenPGP encrypted. If you are not aware of +how to use OpenPGP, please refer to [@SISheogorath's OpenPGP page](https://shivering-isles.com/pgpme), +which will take care of the encryption for you. + +We'll get back to you as soon as possible. You can expect an answer within +3 days, in rare cases within a month. If you don't get a reply within a month, +please reach out for other contact addresses in the [community chat](https://riot.im/app/#/room/#codimd:matrix.org). + +When your findings are accepted as a security issue, we'll work an a fix or +at least a workaround for the next release. With the release that contained +the fix, we want to encurage you to publish your findings as you like. + +We'll also credit you in the release notes. + +When your findings are not accepted as a security issue, feel free to write +a fix yourself and contribute it to CodiMD, as well as publish them as you +like and allow people to make in informed decision about using CodiMD. + +If you have any further questions, feel free to reach out to the +[community chat](https://riot.im/app/#/room/#codimd:matrix.org) or the mentioned contacts above. |