Skip to content

Commit

Permalink
Update security policy page
Browse files Browse the repository at this point in the history
  • Loading branch information
gsmet committed Sep 12, 2023
1 parent 0f0b3d1 commit 81bd4ed
Showing 1 changed file with 29 additions and 6 deletions.
35 changes: 29 additions & 6 deletions security.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@ permalink: /security/

The Quarkus team and community take all security bugs very seriously. You can find our guidelines here regarding our policy and security disclosure.

[WARNING]
====
Do NOT report security vulnerabilities in our public bug tracker.
Follow the instructions given in this page.
====

== Reporting security issues

Please report any security issues you find in Quarkus to:
Expand All @@ -37,14 +43,31 @@ Due to the sensitive nature of security bugs, the disclosure process is more con

The community will fix security bugs for the latest major.minor version published at https://quarkus.io/get-started/.

*Version      Supported* +
latest 2.x    ✅ +
older 2.x    ❌ +
< 2.0 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ❌
[%autowidth,cols="1,^1"]
|===
|Version |Supported

|Latest 3.x
|✅

|3.2 LTS
|✅

|Older 3.x
|❌

|Latest 2.x
|✅

|Older 2.x
|❌

|< 2.0
|❌
|===

We may fix the vulnerability to older versions depending on the severity of the issue and the age of the release, but we are only committing to the latest version released.
We may fix the vulnerability to older versions depending on the severity of the issue and the age of the release, but we are only committing to the versions mentioned above as supported.

== Handling security issues

If you represent a Quarkus extension or a Quarkus platform, you are welcome to subscribe to the security at quarkus.io mailing list. Your subscription will only be approved if you can demonstrate that you will handle issues in confidence and properly credit reporters for discovering issues (e.g. experience with embargoe process).
If you represent a Quarkus extension or a Quarkus platform, you are welcome to subscribe to the security at quarkus.io mailing list. Your subscription will only be approved if you can demonstrate that you will handle issues in confidence and properly credit reporters for discovering issues (e.g. experience with embargo process).

0 comments on commit 81bd4ed

Please sign in to comment.