This repository has been archived by the owner. It is now read-only.

Update supported versions

1 parent f947b86 commit ee92d2a5d8a57cb822f71639ff4e8a441da39500 @pixeltrix pixeltrix committed Mar 9, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 security/index.html
@@ -18,7 +18,7 @@ <h2>Disclosure Policy</h2>
<ol>
<li>Security report received and is assigned a primary handler. This person will coordinate the fix and release process.</li>
<li>Problem is confirmed and, a list of all affected versions is determined. Code is audited to find any potential similar problems.</li>
- <li>Fixes are prepared for all releases which are still under maintenance (at present 2.2.x, 2.3.x, master). These fixes are <strong>not</strong> committed to the public repository but rather held locally pending the announcement.</li>
+ <li>Fixes are prepared for all releases which are still under maintenance (at present 3.1.x, 3.2.x, master). These fixes are <strong>not</strong> committed to the public repository but rather held locally pending the announcement.</li>
<li>A suggested embargo date for this vulnerability is chosen and <a href="http://oss-security.openwall.org/wiki/mailing-lists/vendor-sec">vendor-sec</a> is notified. This notification will include detailed instructions to reproduce, patches for all versions still under support and a contact address for packagers who need advice back-porting patches to older versions.</li>
<li>On the embargo date, the <a href="http://groups.google.com/group/rubyonrails-security">rails security mailing list</a> is sent a copy of the announcement. The changes are pushed to the public repository and new gems released to rubyforge. At least 6 hours after the mailing list is notified, a copy of the advisory will be published on <a href="http://weblog.rubyonrails.org">Riding Rails</a></li>
</ol>
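Review bot: The new maintained-release list in step 3 ("at present 3.1.x, 3.2.x, master") names no 3.0.x series and does not say what happens to the 2.3.x line that is being removed, so a reader cannot tell whether those series still receive security fixes. Packagers use this sentence to decide which versions will get upstream patches and which they must back-port themselves (step 4 offers them a contact address for exactly that), so please confirm the omissions are intentional and consider stating explicitly which series are no longer covered. Because the list is hard-coded in the policy text it will go stale again at the next release; pointing to a single maintained list of supported versions, or adding a "last updated" date next to "at present", would make a stale list easy to spot.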
