author Damien Regad <dregad@mantisbt.org> 2022-01-08 16:31:41 +0100
committer Damien Regad <dregad@mantisbt.org> 2022-01-08 16:31:41 +0100
commit b703d94b3f5b2af1b675c2f786562c5586b664c3 (patch)
tree 83b82ae471f2bc56c9200a7ad27918d3480cae3d /SECURITY.md
parent a5c3dc8f9519488c48a5c4d99ab53747506d3606 (diff)
Add GitHub Security Policy (SECURITY.md)
Fixes #766
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- SECURITY.md 45
1 files changed, 45 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..00670f24
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,45 @@
+# ADOdb Security Policy
+
+## Supported Versions
+
+The following releases of the library are currently being supported with
+security updates. Please refer to the [project's home page](https://adodb.org)
+for actual version numbers.
+
+- Stable
+- Legacy
+- Development (Git *master* branch)
+
+Older releases are no longer supported.
+
+
+## Reporting a Vulnerability
+
+If you discover a vulnerability in ADOdb, please contact
+the [project's maintainer](https://github.com/dregad)
+
+- by e-mail (look for it in the Git history)
+- via private chat on [Gitter](https://gitter.im/dregad)
+
+Kindly provide the following information in your report:
+
+- Affected ADOdb version(s) or Git revision
+- A clear and detailed description of the issue, including if possible a code
+ snippet to demonstrate or reproduce the vulnerability
+- A patch for the issue if you have one, preferably in *Git diff* format
+
+### CVE handling
+
+To ensure a comprehensive and detailed declaration of the issue, we generally
+prefer requesting CVE IDs ourselves, which usually happens after our analysis
+confirms the vulnerability.
+
+In case you have already obtained a CVE ID, do not forget to reference it in
+your report.
+
+### Credits
+
+Let us know if and how you wish to be credited for the finding.
+
+Your name, e-mail, company, etc. will be included as specified in the CVE
+report, as well as in the Git commit message patching the issue.
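
Review bot: In "Reporting a Vulnerability", the e-mail channel is given only as "look for it in the Git history", which leaves the reporter to guess which address in the log is the right one; consider stating the address (or a dedicated security alias) directly in the file. The section also never says that vulnerability reports should stay out of the public issue tracker, and it gives no indication of when a reporter can expect an acknowledgement; one sentence for each would close those gaps. Minor points: the sentence ending "the [project's maintainer](https://github.com/dregad)" needs a colon before the list that follows, and there are two blank lines before "## Reporting a Vulnerability" where the rest of the file uses one.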