Home Explore Help
Sign In
abc
/
gogs
mirror of https://github.com/gogits/gogs.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Branch: main
Branches Tags
gogs
/
SECURITY.md

SECURITY.md 1.2 KB
Permalink History Raw

Security policy

Supported versions

Only the latest minor version releases are supported (>= 0.13) for accepting vulnerability reports and patching fixes.

Existing vulnerability reports are being tracked in GitHub Security Advisories.

Vulnerability lifecycle

[!important] Starting Nov 9, 2023 00:00 UTC, only security vulnerabilities reported through GitHub Security Advisories are accepted. Pre-existing vulnerability reported through https://huntr.dev/ or email (security@gogs.io) will continue to be worked through.

  1. Report an advisory for the vulnerability
  2. Project maintainers review the advisory and either:
    • Ask clarifying questions
    • Confirm or deny the vulnerability
  3. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
    • The latter is usually significantly slower.
  4. Patch releases will be made for the supported versions.
  5. After 14 days of the release, publish the corresponding advisory on GitHub Security Advisories.

Thank you!