diff --git a/.github/workflows/cla-check.yaml b/.github/workflows/cla-check.yaml new file mode 100644 index 0000000..2c7cc9d --- /dev/null +++ b/.github/workflows/cla-check.yaml @@ -0,0 +1,14 @@ +name: CLA check + +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] + +jobs: + cla-workflow: + uses: pimcore/workflows-collection-public/.github/workflows/reusable-cla-check.yaml@v1.3.0 + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' + secrets: + CLA_ACTION_ACCESS_TOKEN: ${{ secrets.CLA_ACTION_ACCESS_TOKEN }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..553c3b5 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,10 @@ +name: Handle stale issues + +on: + workflow_dispatch: + schedule: + - cron: '37 7 * * *' + +jobs: + call-stale-workflow: + uses: pimcore/workflows-collection-public/.github/workflows/stale.yml@v1.1.0 diff --git a/SECURITY.md b/SECURITY.md index 6b6917f..15268a0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,9 @@ If you think that you have found a security issue, don’t use the bug tracker and don’t publish it publicly. -Instead, all security issues must be reported via 📫 to [security-issue@pimcore.com](mailto:security-issue@pimcore.com). +Instead, all security issues must be reported via a private vulnerability report. + +Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report. ## Resolving Process @@ -18,4 +20,3 @@ Every submitted security issue is handled with top priority by following these s 6. Patch reviewing 7. Tagging a new release for supported versions 8. Publish security announcement -