From d6aa047c81444ed8f0f1d5e4520b3038feec4c5f Mon Sep 17 00:00:00 2001 From: Derrick Mehaffy Date: Mon, 4 Nov 2019 15:06:49 -0700 Subject: [PATCH 1/3] Add security and vulnerability reporting page --- docs/SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs/SECURITY.md diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 0000000000..d2ef0c1605 --- /dev/null +++ b/docs/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +As of November 2019 (and until this document is updated), only the v3.0.0-beta tags of Strapi are supported for updates. Any previous versions are currently not supported and users are advised to use them "at their own risk". + +## Reporting a Vulnerability + +Please report (suspected) security vulnerabilities to +**[security@strapi.io](mailto:security@strapi.io)** or via the [Strapi Slack](https://slack.strapi.io). + +When reporting a (suspected) security vulnerabilitie via slack please reach out to any of the following Strapi employees directly: + +- `@aureliengeorget` +- `@alexandre` +- `@lauriejim` +- `@soupette` + +You will receive a response from us within 72 hours. If the issue is confirmed, +we will release a patch as soon as possible depending on complexity +but historically within a few days. From 1b21af4877788ba12ade2afd0c86aaa24af689ff Mon Sep 17 00:00:00 2001 From: Derrick Mehaffy Date: Mon, 4 Nov 2019 15:25:09 -0700 Subject: [PATCH 2/3] PR feedback for issue template --- .github/ISSUE_TEMPLATE/SECURITY.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/SECURITY.md b/.github/ISSUE_TEMPLATE/SECURITY.md new file mode 100644 index 0000000000..999421cc27 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/SECURITY.md 
@@ -0,0 +1,26 @@ +--- +name: 🛡 Security +about: Information on reporting security volnerabilities +--- + +# Security Policy + +## Supported Versions + +As of November 2019 (and until this document is updated), only the v3.0.0-beta tags of Strapi are supported for updates. Any previous versions are currently not supported and users are advised to use them "at their own risk". + +## Reporting a Vulnerability + +Please report (suspected) security vulnerabilities to +**[security@strapi.io](mailto:security@strapi.io)** or via the [Strapi Slack](https://slack.strapi.io). + +When reporting a (suspected) security vulnerabilitie via slack please reach out to any of the following Strapi employees directly: + +- `@aureliengeorget` +- `@alexandre` +- `@lauriejim` +- `@soupette` + +You will receive a response from us within 72 hours. If the issue is confirmed, +we will release a patch as soon as possible depending on complexity +but historically within a few days. From 41fa98a22a5794ea65e42c628cb7e84a8a4783a9 Mon Sep 17 00:00:00 2001 From: Jim LAURIE Date: Mon, 4 Nov 2019 23:36:07 +0100 Subject: [PATCH 3/3] Fix typo --- .github/ISSUE_TEMPLATE/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/SECURITY.md b/.github/ISSUE_TEMPLATE/SECURITY.md index 999421cc27..5ed20a879f 100644 --- a/.github/ISSUE_TEMPLATE/SECURITY.md +++ b/.github/ISSUE_TEMPLATE/SECURITY.md @@ -1,6 +1,6 @@ --- name: 🛡 Security -about: Information on reporting security volnerabilities +about: Information on reporting security vulnerabilities --- # Security Policy
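Review bot: In docs/SECURITY.md (PATCH 1/3), the "Reporting a Vulnerability" section lists four personal Slack handles (`@aureliengeorget`, `@alexandre`, `@lauriejim`, `@soupette`) as a reporting channel, and nothing in the section asks reporters to keep details out of public Slack channels or GitHub issues. The handle list will go stale as staff change, and a reporter who cannot reach any of them has no stated fallback. Suggest naming security@strapi.io as the primary contact, describing the Slack route as a direct message only, and adding one sentence asking that vulnerability details not be posted publicly until a patch is released.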
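Review bot: The new .github/ISSUE_TEMPLATE/SECURITY.md (PATCH 2/3) places the policy text in the body of an issue template, so picking "🛡 Security" opens a public issue pre-filled with it, and no line in the body tells the reader not to submit that issue or not to describe the vulnerability in it. Suggest opening the body with an explicit instruction to close the form and report through security@strapi.io instead. The body is also a verbatim copy of docs/SECURITY.md (same "Supported Versions" and "Reporting a Vulnerability" sections), so the two files will drift; linking to docs/SECURITY.md from the template would leave one copy to maintain.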
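Review bot: PATCH 3/3 corrects only the `about:` line ("volnerabilities"); the body of the same template, added in PATCH 2/3, still reads "security vulnerabilitie via slack", and docs/SECURITY.md from PATCH 1/3 carries the identical sentence. Suggest fixing both occurrences to "vulnerability via Slack" in this commit so the typo fix covers the whole series.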