@@ -14,15 +14,15 @@ We support fixing security issues on the following releases:
## Reporting a Vulnerability
-If you’ve found a security issue in CakePHP, please use the following procedure
-instead of the normal bug reporting system. Instead of using the bug tracker,
-mailing list or IRC please send an email to security [at] cakephp.org. Emails
+If you’ve found a security issue in CakePHP, please use the following procedure
+instead of the normal bug reporting system. Instead of using the bug tracker,
+mailing list or IRC please send an email to security [at] cakephp.org. Emails
sent to this address go to the CakePHP core team on a private mailing list.
-For each report, we try to first confirm the vulnerability. Once confirmed,
+For each report, we try to first confirm the vulnerability. Once confirmed,
the CakePHP team will take the following actions:
-* Acknowledge to the reporter that we’ve received the issue, and are
+* Acknowledge to the reporter that we’ve received the issue, and are
working on a fix. We ask that the reporter keep the issue confidential until we announce it.
* Get a fix/patch prepared.
* Prepare a post describing the vulnerability, and the possible exploits.
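Review bot: Every removed line in this hunk (the three lines of the "If you’ve found a security issue" paragraph, the "For each report" line and the "* Acknowledge" bullet) reads identically to the line added in its place, so the difference is presumably whitespace that is not visible here, such as trailing spaces. Please state that in the commit message so reviewers do not have to compare the lines byte by byte. Since the list is being touched anyway, the continuation line "working on a fix. We ask that the reporter keep the issue confidential until we announce it." is much longer than its neighbours and could be rewrapped to match the rest of the file.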