Skip to content
Permalink
Browse files

Add a note about security

  • Loading branch information...
josegonzalez committed Mar 22, 2015
1 parent c740d8f commit 5f6f3c7fc3ea96a362101c3d7fa08f31df0358b3
Showing with 12 additions and 2 deletions.
  1. +12 −2 README.md
@@ -37,7 +37,6 @@ tests for cakephp by doing the following:

See [CONTRIBUTING.md](CONTRIBUTING.md) for more information.


## Some Handy Links

[CakePHP](http://www.cakephp.org) - The rapid development PHP framework.
@@ -58,7 +57,6 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for more information.

[Cake Software Foundation](http://cakefoundation.org) - Promoting development related to CakePHP.


## Get Support!

[#cakephp](http://webchat.freenode.net/?channels=#cakephp) on irc.freenode.net - Come chat with us, we have cake.
@@ -74,3 +72,15 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for more information.
[CONTRIBUTING.md](CONTRIBUTING.md) - Quick pointers for contributing to the CakePHP project.

[CookBook "Contributing" Section](http://book.cakephp.org/3.0/en/contributing.html) - Details about contributing to the project.

# Security

If you’ve found a security issue in CakePHP, please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker, mailing list or IRC please send an email to security [at] cakephp.org. Emails sent to this address go to the CakePHP core team on a private mailing list.

For each report, we try to first confirm the vulnerability. Once confirmed, the CakePHP team will take the following actions:

- Acknowledge to the reporter that we’ve received the issue, and are working on a fix. We ask that the reporter keep the issue confidential until we announce it.
- Get a fix/patch prepared.
- Prepare a post describing the vulnerability, and the possible exploits.
- Release new versions of all affected versions.
- Prominently feature the problem in the release announcement.

0 comments on commit 5f6f3c7

Please sign in to comment.
You can’t perform that action at this time.