-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add security policy and reporting guidelines
- Loading branch information
1 parent
26e8679
commit 2eb6058
Showing
2 changed files
with
50 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| # Security Policy | ||
|
|
||
| ## Supported Versions | ||
|
|
||
| We recommend that all users always use the latest version of ejabberd. | ||
|
|
||
| To ensure the best experience and security, upgrade to the latest version available on [this repo](https://github.com/processone/ejabberd). | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| ### Private Reporting | ||
|
|
||
| **Preferred Method**: Use GitHub's private vulnerability reporting system by clicking the "Report a Vulnerability" button in the [Security tab of this repository](https://github.com/processone/ejabberd/security). This ensures your report is securely transmitted and tracked. | ||
|
|
||
| **Alternative**: If you cannot use the GitHub system, send an email to **`[email protected]`** with the following details: | ||
|
|
||
| - A clear description of the vulnerability. | ||
| - Steps to reproduce the issue. | ||
| - Any potential impact or exploitation scenarios. | ||
|
|
||
| ### Response Time | ||
|
|
||
| We aim to acknowledge receipt of your report within 72 hours. You can expect regular updates on the status of your report. | ||
|
|
||
| ### Resolution | ||
|
|
||
| If the vulnerability is confirmed, we will work on a patch or mitigation strategy. | ||
| We will notify you once the issue is resolved and coordinate a public disclosure if needed. | ||
|
|
||
| ### Acknowledgements | ||
|
|
||
| We value and appreciate the contributions of security researchers and community members. | ||
| If you wish, we are happy to acknowledge your efforts publicly by listing your name (or alias) below in this document. | ||
| Please let us know if you would like to be recognized when reporting the vulnerability. | ||
|
|
||
| ## Public Discussion | ||
|
|
||
| For general inquiries or discussions about the project’s security, feel free to chat with us here: | ||
|
|
||
| - XMPP room: `[email protected]` | ||
| - [GitHub Discussions](https://github.com/processone/ejabberd/discussions) | ||
|
|
||
| However, please note that if the issue is **critical** or potentially exploitable, **do not share it publicly**. Instead, we strongly recommend you contact the maintainers directly via the private reporting methods outlined above to ensure a secure and timely response. | ||
|
|
||
| Thank you for helping us improve the security of ejabberd! |