forked from zendframework/zendframework
Add security disclosure info to README/CONTRIBUTING docs
1 parent 43a65f7, commit 264aaa5
Showing 2 changed files with 29 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,7 +19,21 @@ read/subscribe to the following resources: | |
|
||
If you are working on new features, or refactoring an existing | ||
component, please create a proposal. You can do this in on the RFC's | ||
page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s. | ||
page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s. | ||
|
||
## Reporting Potential Security Issues | ||
|
||
If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [[email protected]](mailto:[email protected]). We will work with you to verify the vulnerability and patch it. | ||
|
||
When reporting issues, please provide the following information: | ||
|
||
- Component(s) affected | ||
- A description indicating how to reproduce the issue | ||
- A summary of the security vulnerability and impact | ||
|
||
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications. | ||
|
||
For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc). | ||
|
||
## RUNNING TESTS | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -47,6 +47,20 @@ If you would like to be notified of new releases, you can subscribe to | |
the fw-announce mailing list by sending a blank message to | ||
<[email protected]>. | ||
|
||
## Reporting Potential Security Issues | ||
|
||
If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [[email protected]](mailto:[email protected]). We will work with you to verify the vulnerability and patch it. | ||
|
||
When reporting issues, please provide the following information: | ||
|
||
- Component(s) affected | ||
- A description indicating how to reproduce the issue | ||
- A summary of the security vulnerability and impact | ||
|
||
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications. | ||
|
||
For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc). | ||
|
||
### LICENSE | ||
|
||
The files in this archive are released under the Zend Framework license. | ||
|
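Review bot: The added "Reporting Potential Security Issues" text here duplicates, word for word, the block added to the other file in this commit, so the two copies will drift the first time the contact address, the requested report fields or the key URL changes. Suggest keeping the full text in one file and replacing the other copy with a one-line pointer to it. The new heading is also at level "##" while the next heading in the context is "### LICENSE"; check that it matches the heading level used in the rest of this file.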