Skip to content

Commit

Permalink
Update SECURITY.md
Browse files Browse the repository at this point in the history
  • Loading branch information
kingjia90 authored Apr 25, 2024
1 parent 4232fe5 commit a4a7b14
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,21 @@

## Reporting a Vulnerability

If you think that you have found a security issue,
don’t use the bug tracker and don’t publish it publicly.
Instead, all security issues must be reported via 📫 to [security-issue@pimcore.com](mailto:security-issue@pimcore.com).
If you think that you have found a security issue,
don’t use the bug tracker and don’t publish it publicly.
Instead, all security issues must be reported via a private vulnerability report.

Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report.


## Resolving Process
Every submitted security issue is handled with top priority by following these steps:
Every submitted security issue is handled with top priority by following these steps:

1. Confirm the vulnerability
2. Determine the severity
3. Contact reporter
4. Work on a patch
5. Get a CVE identification number (may be done by the reporter or a security service provider)
6. Patch reviewing
6. Patch reviewing
7. Tagging a new release for supported versions
8. Publish security announcement
8. Publish security announcement

0 comments on commit a4a7b14

Please sign in to comment.