
Merge pull request #16044 from cakephp/3.x-security.md-github-folder

[3.x] SECURITY.md in .github folder
Mark Story 4 years ago
parent
commit
9449a34f9c
2 changed files with 7 additions and 14 deletions
  1. 5 5
      SECURITY.md
  2. 2 9
      README.md

+ 5 - 5
SECURITY.md

@@ -14,15 +14,15 @@ We support fixing security issues on the following releases:
 
 ## Reporting a Vulnerability
 
-If you’ve found a security issue in CakePHP, please use the following procedure 
-instead of the normal bug reporting system. Instead of using the bug tracker, 
-mailing list or IRC please send an email to security [at] cakephp.org. Emails 
+If you’ve found a security issue in CakePHP, please use the following procedure
+instead of the normal bug reporting system. Instead of using the bug tracker,
+mailing list or IRC please send an email to security [at] cakephp.org. Emails
 sent to this address go to the CakePHP core team on a private mailing list.
 
-For each report, we try to first confirm the vulnerability. Once confirmed, 
+For each report, we try to first confirm the vulnerability. Once confirmed,
 the CakePHP team will take the following actions:
 
-* Acknowledge to the reporter that we’ve received the issue, and are 
+* Acknowledge to the reporter that we’ve received the issue, and are
   working on a fix. We ask that the reporter keep the issue confidential until we announce it.
 * Get a fix/patch prepared.
 * Prepare a post describing the vulnerability, and the possible exploits.
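Review bot: The continuation line of the first bullet ("working on a fix. We ask that the reporter keep the issue confidential until we announce it.") is left unwrapped and is much longer than the lines this hunk re-touches, so the whitespace cleanup is incomplete; rewrap it with the rest of the paragraph. While the opening paragraph is being edited, "please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker, mailing list or IRC" states the same instruction twice and could be collapsed into one sentence.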

+ 2 - 9
README.md

@@ -78,12 +78,5 @@ tests for CakePHP by doing the following:
 
 # Security
 
-If you’ve found a security issue in CakePHP, please use the following procedure instead of the normal bug reporting system. Instead of using the bug tracker, mailing list or IRC please send an email to security [at] cakephp.org. Emails sent to this address go to the CakePHP core team on a private mailing list.
-
-For each report, we try to first confirm the vulnerability. Once confirmed, the CakePHP team will take the following actions:
-
-- Acknowledge to the reporter that we’ve received the issue, and are working on a fix. We ask that the reporter keep the issue confidential until we announce it.
-- Get a fix/patch prepared.
-- Prepare a post describing the vulnerability, and the possible exploits.
-- Release new versions of all affected versions.
-- Prominently feature the problem in the release announcement.
+If you’ve found a security issue in CakePHP, please use the procedure
+described in [SECURITY.md](.github/SECURITY.md).
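Review bot: The new link target in the last added line, `.github/SECURITY.md`, is a repository-relative path, while this diff lists the policy file as `SECURITY.md`; confirm the file really ends up under `.github/`, otherwise the README link resolves to nothing. The replacement text also drops the instruction not to use the bug tracker, mailing list or IRC, so a reader who sees only the README is no longer told that reports go through a private channel; consider keeping one sentence to that effect, or the security [at] cakephp.org address, next to the link.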