photoprism/SECURITY.md

22 lines
1.1 KiB
Markdown
Raw Normal View History

# PhotoPrism® Security Policy
2021-05-31 17:06:18 +02:00
2022-02-02 10:11:15 +01:00
**Please contact us at [security@photoprism.app](mailto:security@photoprism.app) when you have discovered a potential security issue.** You are welcome to also report vulnerabilities in third-party applications that we may not be able to fix directly.
2022-01-15 17:26:29 +01:00
2021-10-23 18:31:29 +02:00
At a minimum, your report should include the following:
2021-05-31 17:06:18 +02:00
2022-02-02 10:11:15 +01:00
- version and architecture
- vulnerability description
- reproduction steps
2021-05-31 17:06:18 +02:00
2021-10-23 18:31:29 +02:00
We will then try to reproduce the problem, determine the impact and get back to you as soon as possible.
2022-02-02 10:11:15 +01:00
Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party
packages are affected.
2021-05-31 17:06:18 +02:00
2022-02-02 10:11:15 +01:00
**Responsible Disclosure:**
2021-05-31 17:06:18 +02:00
2022-02-02 10:11:15 +01:00
1. Confirm that the vulnerability applies to a current version and is reproducible
2. First share the vulnerability details with us so that users are not put at risk
3. Wait before publishing details until everyone has had a chance to update
2021-10-23 18:31:29 +02:00
2022-02-02 10:11:15 +01:00
*Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.*