Docs: Update SECURITY.md
parent 7111f5636b
commit 3bbc1c48aa
1 changed files with 13 additions and 13 deletions
26
SECURITY.md
|
@ -1,21 +1,21 @@
|
||||||
**Please contact us at [security@photoprism.app](mailto:security@photoprism.app) when you've discovered a potential security issue.**
|
# Security Policy
|
||||||
|
|
||||||
You are welcome to also report vulnerabilities in third-party applications that we may not be able to fix directly.
|
**Please contact us at [security@photoprism.app](mailto:security@photoprism.app) when you have discovered a potential security issue.** You are welcome to also report vulnerabilities in third-party applications that we may not be able to fix directly.
|
||||||
|
|
||||||
At a minimum, your report should include the following:
|
At a minimum, your report should include the following:
|
||||||
|
|
||||||
* version and architecture
|
- version and architecture
|
||||||
* vulnerability description
|
- vulnerability description
|
||||||
* reproduction steps
|
- reproduction steps
|
||||||
|
|
||||||
We will then try to reproduce the problem, determine the impact and get back to you as soon as possible.
|
We will then try to reproduce the problem, determine the impact and get back to you as soon as possible.
|
||||||
|
Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party
|
||||||
|
packages are affected.
|
||||||
|
|
||||||
|
**Responsible Disclosure:**
|
||||||
|
|
||||||
|
1. Confirm that the vulnerability applies to a current version and is reproducible
|
||||||
|
2. First share the vulnerability details with us so that users are not put at risk
|
||||||
|
3. Wait before publishing details until everyone has had a chance to update
|
||||||
|
|
||||||
*Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.*
|
*Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.*
|
||||||
|
|
||||||
### Responsible Disclosure ###
|
|
||||||
|
|
||||||
1. Confirm that the vulnerability applies to a current version
|
|
||||||
2. First share the vulnerability details with us
|
|
||||||
3. Wait for resolution before sharing details
|
|
||||||
|
|
||||||
**Thank you!** 👍
|
|
||||||
|
|
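Review bot: The sentence "Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party packages are affected" and step 3 of the Responsible Disclosure list ("Wait before publishing details until everyone has had a chance to update") do not say how they relate, so a reporter cannot tell when publishing becomes acceptable. "Until everyone has had a chance to update" has no defined end point, and the qualifier on the 90 days leaves open whether that figure is a maximum. Suggest stating whether 90 days is an upper bound and tying the embargo to something a reporter can observe, such as a fixed number of days after the fix is released. The report path is also only the plain security@photoprism.app address, with "as soon as possible" as the response time; consider documenting an expected acknowledgement window and a way to send vulnerability details confidentially.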