From 8570324a91a4ce6f15cdec1d129a90d744389eb6 Mon Sep 17 00:00:00 2001 From: Damon Cook Date: Fri, 15 Nov 2024 17:08:25 -0500 Subject: [PATCH] Create SECURITY.md (#1909) Providing a clear security policy ensures that the community will know how to report a vulnerability should they find one, which also signals trust in our codebase and standards. https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository --- SECURITY.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..22dbdd401 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,37 @@ +# Security Policy + +## Supported Versions + +The following versions of this project are currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 1.3.1 | :white_check_mark: | +| <1.3.0 | :x: | + +WP Engine takes the security of our software and services seriously, including all +of the open-source code repositories managed through our +[WP Engine organization](https://github.com/wpengine). + +## Reporting Security Issues + +If you believe you have found a security vulnerability in any Alley-owned +repository, please report it to us via email at opensource@wpengine.com. + +**Please do not report security vulnerabilities through public GitHub issues, +discussions, or pull requests.** + +Please include as much of the information listed below as you can to help us +better understand and resolve the issue: + +- The type of issue (e.g., buffer overflow, SQL injection, or cross-site + scripting). +- Full paths of the source file(s) related to the manifestation of the issue. +- The location of the affected source code (tag/branch/commit or direct URL). +- Any special configuration required to reproduce the issue. +- Step-by-step instructions to reproduce the issue. +- Proof-of-concept or exploit code (if possible). +- Impact of the issue, including how an attacker might exploit the issue. + +This information will help us triage your report more quickly. Thank you for +helping us keep WP Engine and our users safe!
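Review bot: In the "Reporting Security Issues" section, the phrase "any Alley-owned repository" names a different organization from the rest of the file, which speaks for WP Engine and gives opensource@wpengine.com as the contact. It reads like leftover template text, and a reporter could reasonably doubt whether this policy covers the repository they are looking at; suggest "any WP Engine-owned repository". Separately, the Supported Versions table lists "1.3.1" as supported and "<1.3.0" as unsupported, which leaves 1.3.0 itself unclassified. Either change the second row to "<1.3.1" or add an explicit row for 1.3.0, so the table says unambiguously which releases receive security updates.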