From 033002487925c43d59612080b6784e9a97ba383a Mon Sep 17 00:00:00 2001 From: Johan Cwiklinski Date: Tue, 1 Jul 2025 08:36:02 +0200 Subject: [PATCH 1/2] Add security policy --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..274044f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +Security Policy + +**⚠️ Please never use standard issues to report security problems; vulnerabilities are published once a fix release is available. ⚠️** + +## Reporting a Vulnerability + +If you found a security issue, please contact us by mail at \[glpi-security AT ow2.org\] or [open an advisory](https://github.com/pluginsGLPI/databaseinventory/security/advisories/new). + +You should provide us all details about the issue and the way to reproduce it. +You may also provide a script that can be used to check the issue exists. + +Once the report will be handled, and if the issue is not yet fixed (or in progress) +we'll add it to the GitHub security tab, and add you as observer. Meanwhile, +you will reserve a CVE for the issue. + +Thank you for improving the security of GLPI and its plugins. + +## Supported Versions + +We follow the same version support policy as GLPI. +This means that we provide security patches to versions of the plugin that target a version of GLPI itself maintained from a security point of view. From 2c7bee19f8801041ff248ffb57c1cf4c936183df Mon Sep 17 00:00:00 2001 From: Stanislas Date: Tue, 1 Jul 2025 10:09:23 +0200 Subject: [PATCH 2/2] Update SECURITY.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Cédric Anne --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 274044f..15d17ba 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -4,7 +4,7 @@ Security Policy ## Reporting a Vulnerability -If you found a security issue, please contact us by mail at \[glpi-security AT ow2.org\] or [open an advisory](https://github.com/pluginsGLPI/databaseinventory/security/advisories/new). +If you found a security issue, please contact us by mail at \[glpi-security AT ow2.org\]. You should provide us all details about the issue and the way to reproduce it. You may also provide a script that can be used to check the issue exists.
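Review bot: In PATCH 1/2, the sentence "Meanwhile, you will reserve a CVE for the issue." in the "Reporting a Vulnerability" section assigns CVE reservation to the reporter. The preceding clause has the maintainers adding the issue to the GitHub security tab, so this looks like it was meant to read "we will reserve a CVE for the issue"; please confirm who requests the CVE and word it so a reporter does not request one separately. Two smaller points in the same hunk: the first added line, "Security Policy", has no heading marker while the later sections use "##", and "Once the report will be handled" would read better as "Once the report has been handled".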
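Review bot: In PATCH 2/2, the changed line under "## Reporting a Vulnerability" drops the "open an advisory" link, leaving mail as the only reporting channel, but the subject "Update SECURITY.md" does not say why. Please state the reason in the commit message so the link is not added back later by mistake. The file as added in PATCH 1/2 still says the report will be added to the GitHub security tab with the reporter as observer, so it may help to say explicitly that maintainers create that advisory after receiving the mail. The address is also written as "glpi-security AT ow2.org" inside escaped brackets, which a reporter has to rewrite by hand; consider saying so or giving the address in a form that can be copied directly.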