From a80f33d9995bbe49d22af426a6868c8680dfcc61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florencio=20Hern=C3=A1ndez?= Date: Thu, 1 Aug 2024 12:56:51 +0100 Subject: [PATCH] Feature Security Policy Doc: add security policy doc and update README file --- .github/SECURITY.md | 35 +++++++++++++++++++++++++++++++++++ README.md | 5 +++++ 2 files changed, 40 insertions(+) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000..c92d7ed0 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,35 @@ +# Security Policy + +## Supported Versions + +We support fixing security issues on the following releases: + +| Version | Supported | Security fixes until +|---------|--------------------| -------------------- +| 14.2.1 | :white_check_mark: | 12 Months after the release (24 May 2025) +| 14.1.1 | :white_check_mark: | 12 Months after the release (08 May 2025) +| 14.0.1 | :white_check_mark: | 12 Months after the release (11 Mar 2025) +| 13.0.1 | :white_check_mark: | 12 Months after the release (11 Mar 2025) +| 12.0.0 | :white_check_mark: | 12 Months after the release (06 Nov 2024) +| 11.3.5 | :white_check_mark: | 12 Months after the release (11 Mar 2025) +| 11.2.6 | :white_check_mark: | 12 Months after the release (23 Nov 2024) +| 11.1.1 | :x: | No longer supported +| 9.3.1 | :x: | No longer supported +| 9.2.1 | :x: | No longer supported +| 8.5.2 | :x: | No longer supported + +## Reporting a Vulnerability + +If you’ve found a security issue in CakeDC Users plugin, please use the following procedure +instead of the normal bug reporting system. Instead of using the bug tracker please send an +email to security [at] cakedc.com. + +For each report, we try to first confirm the vulnerability. Once confirmed, +the CakeDC team will take the following actions: + +* Acknowledge to the reporter that we’ve received the issue, and are + working on a fix. We ask that the reporter keep the issue confidential until we announce it. +* Get a fix/patch prepared. +* Prepare a post describing the vulnerability, and the possible exploits. +* Release new versions of all affected versions. +* Prominently feature the problem in the release announcement \ No newline at end of file diff --git a/README.md b/README.md index 72b69e4e..ff37e759 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,11 @@ Contributing This repository follows the [CakeDC Plugin Standard](https://www.cakedc.com/plugin-standard). If you'd like to contribute new features, enhancements or bug fixes to the plugin, please read our [Contribution Guidelines](https://www.cakedc.com/contribution-guidelines) for detailed instructions. +Security +------------ + +If you've found a security issue in CakeDC Users plugin, please use the procedure described in [SECURITY.md](.github/SECURITY.md) + License -------