homelab/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2026-06-23 04:10:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
develop
hedgedoc/SECURITY.md
T
Erik Michelson f8eb7bdb7c docs(security): add notice about HD2-preview exemption 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-05-18 21:08:19 +02:00

56 lines
2.6 KiB
Markdown
Raw Permalink Blame History

<!--
SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
SPDX-License-Identifier: CC-BY-SA-4.0
-->
# Security Policy
## Supported Versions
Only the latest release of HedgeDoc is supported. We don't have the
ressources to maintain multiple versions.
We currently do not accept vulnerability reports for preview releases
of the upcoming HedgeDoc 2.0. This version is still work-in-progress
with several (security) features missing. Production usage is not yet
recommended.
Security reports for preview releases of HedgeDoc 2.0 will be closed.
## Reporting a Vulnerability
Please go to ["Issues" > "New" > "Report a security vulnerability"][report]. This
allows you to get in direct, but private contact with us. There is some more detailed
documentation [available by GitHub][github_report_docs].
> **Tip**: In this form, only the title and description are mandatory [so don't
> worry if you can't fill everything]. […] However, we recommend security
> researchers provide as much information as possible on the form so that [we]
> can make an informed decision about the submitted report. You can adopt the
> template used by [GitHub's] security researchers from the GitHub Security
> Lab, which is available on the [github/securitylab
> repository][best_practice]."
We'll get back to you as soon as possible. You can expect an answer within
3 days, in rare cases within a month. If you don't get a reply within a month,
please reach out for other contact addresses in the [community chat][community_chat].
When your findings are accepted as a security issue, we'll work on a fix or
at least a workaround for the next release. With the release that contained
the fix, we want to encourage you to publish your findings as you like.
We'll also credit you in the release notes.
When your findings are not accepted as a security issue, feel free to write
a fix yourself and contribute it to HedgeDoc, as well as publish them as you
like and allow people to make an informed decision about using HedgeDoc.
If you have any further questions, feel free to reach out to the
[community chat][community_chat] or the mentioned contacts above.
[repo]: https://github.com/hedgedoc/hedgedoc
[report]: https://github.com/hedgedoc/hedgedoc/security/advisories/new
[github_report_docs]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability
[community_chat]: https://chat.hedgedoc.org
[best_practice]: https://github.com/github/securitylab/blob/main/docs/report-template.md
Reference in New Issue View Git Blame Copy Permalink