| author | Damien Regad <dregad@mantisbt.org> | 2022-01-08 16:31:41 +0100 |
|---|---|---|
| committer | Damien Regad <dregad@mantisbt.org> | 2022-01-08 16:31:41 +0100 |
| commit | b703d94b3f5b2af1b675c2f786562c5586b664c3 (patch) | |
| tree | 83b82ae471f2bc56c9200a7ad27918d3480cae3d /SECURITY.md | |
| parent | a5c3dc8f9519488c48a5c4d99ab53747506d3606 (diff) | |
Add GitHub Security Policy (SECURITY.md)
Fixes #766
Diffstat (limited to 'SECURITY.md')
| -rw-r--r-- | SECURITY.md | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..00670f24 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,45 @@ +# ADOdb Security Policy + +## Supported Versions + +The following releases of the library are currently being supported with +security updates. Please refer to the [project's home page](https://adodb.org) +for actual version numbers. + +- Stable +- Legacy +- Development (Git *master* branch) + +Older releases are no longer supported. + + +## Reporting a Vulnerability + +If you discover a vulnerability in ADOdb, please contact +the [project's maintainer](https://github.com/dregad) + +- by e-mail (look for it in the Git history) +- via private chat on [Gitter](https://gitter.im/dregad) + +Kindly provide the following information in your report: + +- Affected ADOdb version(s) or Git revision +- A clear and detailed description of the issue, including if possible a code + snippet to demonstrate or reproduce the vulnerability +- A patch for the issue if you have one, preferably in *Git diff* format + +### CVE handling + +To ensure a comprehensive and detailed declaration of the issue, we generally +prefer requesting CVE IDs ourselves, which usually happens after our analysis +confirms the vulnerability. + +In case you have already obtained a CVE ID, do not forget to reference it in +your report. + +### Credits + +Let us know if and how you wish to be credited for the finding. + +Your name, e-mail, company, etc. will be included as specified in the CVE +report, as well as in the Git commit message patching the issue. |
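Review bot: In "Reporting a Vulnerability", the e-mail channel is given only as "look for it in the Git history", so a reporter has to guess which address in the history is current and monitored; consider stating the contact address (or a dedicated alias) directly in the file. The same section asks for version, description and patch but does not say when the reporter can expect an acknowledgement or how disclosure is coordinated once a fix is ready; one sentence on each would set expectations. Both contact channels also point at a single maintainer account, so it may be worth naming a fallback contact in case that account is unavailable.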
