USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: update security policy

pull/7810/merge
Joe Chen 2024-12-10 22:23:01 -05:00 committed by GitHub
parent c94baec9ca
commit 8a3b8198af
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
SECURITY.md
View File

@ -12,13 +12,13 @@ Existing vulnerability reports are being tracked in [GitHub Security Advisories]
> Starting **Nov 9, 2023 00:00 UTC**, only security vulnerabilities reported through [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories/new) are accepted. > Starting **Nov 9, 2023 00:00 UTC**, only security vulnerabilities reported through [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories/new) are accepted.
> Pre-existing vulnerability reported through https://huntr.dev/ or email (`security@gogs.io`) will continue to be worked through. > Pre-existing vulnerability reported through https://huntr.dev/ or email (`security@gogs.io`) will continue to be worked through.
1. Report a vulnerability 1. Report an advisory for the vulnerability
1. Project maintainers review the report and either: 1. Project maintainers review the advisory and either:
- Ask clarifying questions - Ask clarifying questions
- Confirm or deny the vulnerability - Confirm or deny the vulnerability
1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch. 1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
- The latter is usually significantly slower. - The latter is usually significantly slower.
1. Patch releases will be made for the supported versions. 1. Patch releases will be made for the supported versions.
1. Publish the report on [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories). 1. After 14 days of the release, publish the corresponding advisory on [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
Thank you! Thank you!