melody/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2025-06-26 11:35:22 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: Tiny phrasing changes to the security policy
Some checks failed
Documentation / Build and Deploy Documentation (push) Failing after 3s
Details
Rust Checks / Format (push) Failing after 15s
Details
Rust Checks / Clippy (push) Failing after 12s
Details
Rust Checks / Cargo Test (push) Failing after 8s
Details

Browse source
This commit is contained in:
Jade Ellis 2025-05-30 23:50:29 +01:00
parent d7514178ab
commit 44e60d0ea6
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
SECURITY.md
View file

@ -20,10 +20,10 @@ We may backport fixes to the previous release at our discretion, but we don't gu
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines: We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
1. Contact members of the team over E2EE private message. 1. **Contact members of the team directly** over E2EE private message.
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link) - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? --> - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details. 2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
3. **Do not disclose the vulnerability publicly** until it has been addressed 3. **Do not disclose the vulnerability publicly** until it has been addressed
4. **Provide detailed information** about the vulnerability, including: 4. **Provide detailed information** about the vulnerability, including:
- A clear description of the issue - A clear description of the issue
@ -48,7 +48,7 @@ When you report a security vulnerability:
When security vulnerabilities are identified: When security vulnerabilities are identified:
1. We will develop and test fixes in a private branch 1. We will develop and test fixes in a private fork
2. Security updates will be released as soon as possible 2. Security updates will be released as soon as possible
3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible 3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
4. Critical security updates may be backported to the previous stable release 4. Critical security updates may be backported to the previous stable release