Nemcio/Gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2025-12-14 20:29:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: update security advisory reporting process

Browse Source 
[skip ci]
This commit is contained in:
ᴊᴏᴇ ᴄʜᴇɴ
2025-12-10 20:22:12 -05:00
committed by GitHub
parent 2c88cd4d9f
commit 5e7c599755
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
SECURITY.md
View File

@@ -12,13 +12,15 @@ Existing vulnerability reports are being tracked in [GitHub Security Advisories]
> Starting **Nov 9, 2023 00:00 UTC**, only security vulnerabilities reported through [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories/new) are accepted.
> Pre-existing vulnerability reported through https://huntr.dev/ or email (`security@gogs.io`) will continue to be worked through.
1. Report an advisory for the vulnerability
1. Project maintainers review the advisory and either:
1. Report an advisory for the vulnerability.
- Please be aware that **only advisories reported in plain English** will be reviewed.
1. Project maintainers review the advisory:
- Ask clarifying questions
- Make sure there was no prior advisory exists for the same vulnerability
- Confirm or deny the vulnerability
1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
1. Once the advisory is accepted, the reporter may submit a patch or wait for project maintainers to patch.
- The latter is usually significantly slower.
1. Patch releases will be made for the supported versions.
1. After 14 days of the release, publish the corresponding advisory on [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
Thank you!
Thank you for making open source community a better place!