This repository has been archived by the owner on Jan 8, 2020. It is now read-only.

Add security disclosure info to README/CONTRIBUTING docs #5468

Closed
16 changes: 15 additions & 1 deletion CONTRIBUTING.md
Expand Up @@ -19,7 +19,21 @@ read/subscribe to the following resources:


If you are working on new features, or refactoring an existing If you are working on new features, or refactoring an existing
component, please create a proposal. You can do this in on the RFC's component, please create a proposal. You can do this in on the RFC's
page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s. page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s.

## Reporting Potential Security Issues

If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [zf-security@zend.com](mailto:zf-security@zend.com). We will work with you to verify the vulnerability and patch it.

When reporting issues, please provide the following information:

- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.

For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).


## RUNNING TESTS ## RUNNING TESTS
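
Review bot: The last added line of this section links the PGP key over plain HTTP (`http://framework.zend.com/zf-security-pgp-key.asc`) and the text gives no fingerprint, so a reporter has no way to confirm that the key they downloaded is the project's before encrypting vulnerability details to it. Link the key over HTTPS if the host serves it, and print the full key fingerprint in this section so it can be compared against the downloaded key. Since the text asks reporters to hold off on public exposure until a new release, it would also help to say how soon they can expect an acknowledgement of their report.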


14 changes: 14 additions & 0 deletions README.md
Expand Up @@ -47,6 +47,20 @@ If you would like to be notified of new releases, you can subscribe to
the fw-announce mailing list by sending a blank message to the fw-announce mailing list by sending a blank message to
<fw-announce-subscribe@lists.zend.com>. <fw-announce-subscribe@lists.zend.com>.


## Reporting Potential Security Issues

If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [zf-security@zend.com](mailto:zf-security@zend.com). We will work with you to verify the vulnerability and patch it.

When reporting issues, please provide the following information:

- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.

For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).

### LICENSE ### LICENSE


The files in this archive are released under the Zend Framework license. The files in this archive are released under the Zend Framework license.
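
Review bot: The new `## Reporting Potential Security Issues` heading sits directly above the existing `### LICENSE` heading, so the license section now renders as a subsection of the security section; use the same level as `### LICENSE`, or confirm the nesting is intended. The section body is also a verbatim copy of the one added to CONTRIBUTING.md, which means the contact address and the key link have to be kept in sync in two places. Consider keeping the full text in one file and leaving a short pointer with the address in the other. The PGP key link here is again plain HTTP with no fingerprint given.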