Add security disclosure info to README/CONTRIBUTING docs
EvanDotPro committed Nov 12, 2013
1 parent 43a65f7 commit 264aaa5
Showing 2 changed files with 29 additions and 1 deletion.
16 changes: 15 additions & 1 deletion CONTRIBUTING.md
Expand Up @@ -19,7 +19,21 @@ read/subscribe to the following resources:

If you are working on new features, or refactoring an existing
component, please create a proposal. You can do this in on the RFC's
page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s.
page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s.

## Reporting Potential Security Issues

If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [[email protected]](mailto:[email protected]). We will work with you to verify the vulnerability and patch it.

When reporting issues, please provide the following information:

- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.

For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).

## RUNNING TESTS
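
Review bot: the PGP key link in the last added paragraph points at a plain `http://` URL (`http://framework.zend.com/zf-security-pgp-key.asc`) and the text gives no fingerprint, so a reporter has no way to check that the key they downloaded is the project's before encrypting a vulnerability report to it. Suggest serving the key over HTTPS if the host supports it and printing the full key fingerprint next to the link so it can be compared out of band. Separately, the `page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s.` line is removed and re-added with no visible difference, which looks like an unrelated whitespace change; drop it from this commit or mention it in the commit message.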

14 changes: 14 additions & 0 deletions README.md
Expand Up @@ -47,6 +47,20 @@ If you would like to be notified of new releases, you can subscribe to
the fw-announce mailing list by sending a blank message to
<[email protected]>.

## Reporting Potential Security Issues

If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [[email protected]](mailto:[email protected]). We will work with you to verify the vulnerability and patch it.

When reporting issues, please provide the following information:

- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.

For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).

### LICENSE

The files in this archive are released under the Zend Framework license.
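
Review bot: the added "Reporting Potential Security Issues" section duplicates the CONTRIBUTING.md text word for word, so the contact address, the report checklist and the PGP key link now have to be kept in sync in two files, and a later edit to one copy can leave reporters following stale instructions in the other. Suggest keeping the full policy in one file and reducing the other to a short pointer at it. Two style points in the same hunk: the new paragraphs are single unwrapped lines while the surrounding context is hard-wrapped (`the fw-announce mailing list by sending a blank message to`), and the new heading is `##` while the next heading is `### LICENSE`, so check that the level matches the sibling sections in this file.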