Skip to content

Commit

Permalink
Merge pull request #1776 from gsmet/security-policy
Browse files Browse the repository at this point in the history
Update security policy page
  • Loading branch information
gsmet authored Sep 14, 2023
2 parents ba40f6e + 81bd4ed commit a23d908
Showing 1 changed file with 29 additions and 6 deletions.
35 changes: 29 additions & 6 deletions security.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@ permalink: /security/

The Quarkus team and community take all security bugs very seriously. You can find our guidelines here regarding our policy and security disclosure.

[WARNING]
====
Do NOT report security vulnerabilities in our public bug tracker.
Follow the instructions given in this page.
====

== Reporting security issues

Please report any security issues you find in Quarkus to:
Expand All @@ -37,14 +43,31 @@ Due to the sensitive nature of security bugs, the disclosure process is more con

The community will fix security bugs for the latest major.minor version published at https://quarkus.io/get-started/.

*Version      Supported* +
latest 2.x    ✅ +
older 2.x    ❌ +
< 2.0 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ❌
[%autowidth,cols="1,^1"]
|===
|Version |Supported

|Latest 3.x
|✅

|3.2 LTS
|✅

|Older 3.x
|❌

|Latest 2.x
|✅

|Older 2.x
|❌

|< 2.0
|❌
|===

We may fix the vulnerability to older versions depending on the severity of the issue and the age of the release, but we are only committing to the latest version released.
We may fix the vulnerability to older versions depending on the severity of the issue and the age of the release, but we are only committing to the versions mentioned above as supported.

== Handling security issues

If you represent a Quarkus extension or a Quarkus platform, you are welcome to subscribe to the security at quarkus.io mailing list. Your subscription will only be approved if you can demonstrate that you will handle issues in confidence and properly credit reporters for discovering issues (e.g. experience with embargoe process).
If you represent a Quarkus extension or a Quarkus platform, you are welcome to subscribe to the security at quarkus.io mailing list. Your subscription will only be approved if you can demonstrate that you will handle issues in confidence and properly credit reporters for discovering issues (e.g. experience with embargo process).

0 comments on commit a23d908

Please sign in to comment.