
Adds SECURITY.md file with instructions (#5181)

* Adds SECURITY.md file with instructions

* Removes trailing whitespace on SECURITY.md

* Updates README with link to full security policy

* Updates CONTRIBUTING with link to full security policy

* Update CHANGELOG with security policy
andreslucena authored and oriolgual committed Jun 14, 2019
1 parent 5a48bae commit 1aecfaa318a14813459a0398affb15a9d54eb01c
Showing with 31 additions and 6 deletions.
  1. +2 −0 CHANGELOG.md
  2. +1 −5 CONTRIBUTING.md
  3. +1 −1 README.md
  4. +27 −0 SECURITY.md
@@ -5,11 +5,13 @@

**Added**:

- **decidim-core**: Adds SECURITY.md per Github recommendations [#5181](https://github.com/decidim/decidim/pull/5181)
- **decidim-core**, **decidim-system**: Add force users to authenticate before access to the organization [#5189](https://github.com/decidim/decidim/pull/5189)
- **decidim-proposals**: Add new fields to proposal_serializer [#5186](https://github.com/decidim/decidim/pull/5186)
- **decidim-proposals**: Add :amend action to proposal's authorization workflow [#5184](https://github.com/decidim/decidim/pull/5184)
- **decidim-core**, **decidim-proposals**: Add: Improvements in amendments on `Proposals` control version [#5185](https://github.com/decidim/decidim/pull/5185)


**Changed**:


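Review bot: the new first bullet under **Added** credits **decidim-core** with SECURITY.md, but SECURITY.md is a repository-level file rather than part of the core gem, so someone reading the per-gem changelog will look for it in the wrong place; consider dropping the gem prefix for this entry. Also "Github" in that line should read "GitHub", the spelling the project uses elsewhere.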
@@ -6,11 +6,7 @@ If you haven't already, come find us in [Gitter](https://gitter.im/decidim/decid

## Did you find a bug?

* **Do not open up a GitHub issue if the bug is a security vulnerability in Decidim**, and instead send us an email to security [at] decidim.org. We recommend to use GPG for these kind of communications, the fingerprint is C1BD 8981 D83C 23F9 D419 FE42 149A D0F9 84B9 35C4. To download our key:

```bash
gpg --keyserver pgp.key-server.io --recv 84B935C4
```
* **Do not open up a GitHub issue if the bug is a security vulnerability in Decidim**, and instead send us an email to security [at] decidim.org. See [full security policy](SECURITY.md).

* **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/decidim/decidim/issues) and on [Metadecidim](https://meta.decidim.org/processes/bug-report/f/210/proposals).

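Review bot: the replacement bullet writes the contact as `security [at] decidim.org` while the README and SECURITY.md touched in this same commit write `security [at] decidim [dot] org`; pick one obfuscation style so the three copies do not drift apart. Moving the fingerprint and keyserver command out of CONTRIBUTING and linking to SECURITY.md is the right call, since the key material now lives in exactly one place.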
@@ -168,4 +168,4 @@ Since Decidim is a ruby gem, you can check out the [dependent repositories](http

## Security

Security is very important to us. If you have any issue regarding security, please disclose the information responsibly by sending an email to security [at] decidim [dot] org and not by creating a github/metadecidim issue. We appreciate your effort to make Decidim more secure.
Security is very important to us. If you have any issue regarding security, please disclose the information responsibly by sending an email to security [at] decidim [dot] org and not by creating a github/metadecidim issue. We appreciate your effort to make Decidim more secure. See [full security policy](SECURITY.md).
@@ -0,0 +1,27 @@
# Security Policy

## Supported Versions

Until we have the version 1.0 we support only the last minor and major
version with security updates.

| Version | Supported |
| ------- | ------------------ |
| 0.17.x | :white_check_mark: |
| < 0.16 | :x: |

## Reporting a Vulnerability

Security is very important to us.

If you have any issue regarding security, please disclose the information
responsibly by sending an email to security [at] decidim [dot] org and not
by creating a github/metadecidim issue. We appreciate your effort to make
Decidim more secure.

We recommend to use GPG for these kind of communications, the fingerprint
is `C1BD 8981 D83C 23F9 D419 FE42 149A D0F9 84B9 35C4`. To download our key:

```bash
gpg --keyserver pgp.key-server.io --recv 84B935C4
```
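Review bot: the `gpg --keyserver pgp.key-server.io --recv 84B935C4` command fetches by 32-bit short key ID, which is cheap to collide on public keyservers, so a reporter can end up importing a different key with the same short ID and encrypting the report to it; the full fingerprint is printed one line above, so fetch by that instead (`gpg --keyserver pgp.key-server.io --recv-keys C1BD8981D83C23F9D419FE42149AD0F984B935C4`) and add a sentence telling reporters to compare the fingerprint `gpg --fingerprint` shows after import against the one in this file. Consider also publishing the public key somewhere the project controls (committed to the repository, or on decidim.org) so the reporting path does not depend on a third-party keyserver staying reachable. Separately, the Supported Versions table leaves 0.16.x unstated: the prose says only the last minor version gets security updates, 0.17.x is checked, but only `< 0.16` is crossed out, so either add a `0.16.x | :x:` row or change the bound to `< 0.17`.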
