From e95efc4a1b8487d4fb2727db109b4272fc73095c Mon Sep 17 00:00:00 2001 From: JiaJia Ji Date: Mon, 29 Apr 2024 13:16:24 +0200 Subject: [PATCH] Update SECURITY.md (#71) --- SECURITY.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 53173b7..15268a0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,19 +2,21 @@ ## Reporting a Vulnerability -If you think that you have found a security issue, -don’t use the bug tracker and don’t publish it publicly. -Instead, all security issues must be reported via 📫 to [security-issue@pimcore.com](mailto:security-issue@pimcore.com). +If you think that you have found a security issue, +don’t use the bug tracker and don’t publish it publicly. +Instead, all security issues must be reported via a private vulnerability report. + +Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report. ## Resolving Process -Every submitted security issue is handled with top priority by following these steps: +Every submitted security issue is handled with top priority by following these steps: 1. Confirm the vulnerability 2. Determine the severity 3. Contact reporter 4. Work on a patch 5. Get a CVE identification number (may be done by the reporter or a security service provider) -6. Patch reviewing +6. Patch reviewing 7. Tagging a new release for supported versions -8. Publish security announcement \ No newline at end of file +8. Publish security announcement
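Review bot: In the "Reporting a Vulnerability" section, the replacement drops security-issue@pimcore.com entirely and leaves a GitHub private vulnerability report as the only channel, so the change should confirm that private vulnerability reporting is enabled on this repository (it is opt-in per repository). If it is not, a reporter who follows the linked instructions has no private route left. Consider keeping the mailbox as a fallback for reporters without a GitHub account, and pointing the "instructions" link at this repository's own Security tab in addition to the generic GitHub documentation. Separately, several removed/added pairs ("If you think that you have found a security issue,", "Every submitted security issue is handled with top priority by following these steps:", "6. Patch reviewing") read identically in the diff, so they look like whitespace-only changes. If those are unintended trailing spaces or line-ending changes, drop them so the patch carries only the wording change and the end-of-file newline fix.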