File 1130-security-add-SECURITY-reporting-guidelines.patch of Package erlang

From b0fdb36c19f616b73cbe00aee463e216bf3b9463 Mon Sep 17 00:00:00 2001
From: Kiko Fernandez-Reyes <kiko@erlang.org>
Date: Thu, 17 Oct 2024 11:34:51 +0200
Subject: [PATCH] security: add SECURITY reporting guidelines

---
 README.md   |  5 ++++-
 SECURITY.md | 25 +++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 SECURITY.md

diff --git a/README.md b/README.md
index 13367ae75c..787fda443b 100644
--- a/README.md
+++ b/README.md
@@ -73,7 +73,10 @@ Please visit our [GitHub Issues](https://github.com/erlang/otp/issues) page for
 
 ### Security Disclosure
 
-We take security bugs in Erlang/OTP seriously. Please disclose the issues regarding security by sending an email to **erlang-security [at] erlang [dot] org** and not by creating a public issue.
+Please do not report security vulnerabilities through public channels, like
+GitHub issues, discussions, or pull requests.
+
+Please disclose the security issues following our [SECURITY](SECURITY.md) guidelines.
 
 ## Contributing
 
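Review bot: The added lines under "### Security Disclosure" remove the erlang-security contact address from the README and leave only the relative link `[SECURITY](SECURITY.md)`, so a copy of the README rendered away from the repository root gets a link that may not resolve and no fallback contact. Consider keeping the address inline next to the link, or using an absolute URL. Wording nit on the last added line: "Please disclose the security issues following our" reads better as "Please disclose security issues by following our".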
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..ffb1d6ec21
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Reporting a Vulnerability and/or Security Issues
+
+Please do not report security vulnerabilities through public channels, like
+GitHub issues, discussions, or pull requests.
+
+If you believe you have found a security vulnerability in this repository,
+please report it to erlang-security@erlang.org or https://github.com/erlang/otp/security.
+
+## Supported Versions
+
+Erlang/OTP supports the last 3 OTP releases with security updates and patches.
+For example, if the latest release is OTP-27, we will support with maintainance and security releases:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 27      | :white_check_mark: |
+| 26      | :white_check_mark: |
+| 25      | :white_check_mark: |
+| =< 24   | :x:               |
+
+
+
+
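Review bot: The table under "## Supported Versions" hard-codes 27, 26, 25 and "=< 24", while the sentence above it introduces OTP-27 only as an example ("if the latest release is OTP-27"), so the table will read as current policy and be wrong once a newer release ships. Either mark the table as an example in its header row or caption, or state only the "last 3 OTP releases" rule and drop the fixed numbers. Smaller points in the same hunk: "maintainance" should be "maintenance", "=< 24" would be more widely understood as "<= 24" for readers who do not know the Erlang operator, the reporting section could say what a report should contain, and the blank added lines at the end of the file can be dropped.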
-- 
2.43.0
