From 81bd4ed15e25116b5d5dda80d7a007508e5fa54e Mon Sep 17 00:00:00 2001 From: Guillaume Smet Date: Tue, 12 Sep 2023 16:00:10 +0200 Subject: [PATCH] Update security policy page --- security.adoc | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/security.adoc b/security.adoc index 24cfc4bb18..4d49b27df9 100644 --- a/security.adoc +++ b/security.adoc @@ -12,6 +12,12 @@ permalink: /security/ The Quarkus team and community take all security bugs very seriously. You can find our guidelines here regarding our policy and security disclosure. +[WARNING] +==== +Do NOT report security vulnerabilities in our public bug tracker. +Follow the instructions given in this page. +==== + == Reporting security issues Please report any security issues you find in Quarkus to: 
@@ -37,14 +43,31 @@ Due to the sensitive nature of security bugs, the disclosure process is more con The community will fix security bugs for the latest major.minor version published at https://quarkus.io/get-started/. -*Version      Supported* + -latest 2.x    ✅ + -older 2.x    ❌ + -< 2.0           ❌ +[%autowidth,cols="1,^1"] +|=== +|Version |Supported + +|Latest 3.x +|✅ + +|3.2 LTS +|✅ + +|Older 3.x +|❌ + +|Latest 2.x +|✅ + +|Older 2.x +|❌ +|< 2.0 +|❌ +|=== -We may fix the vulnerability to older versions depending on the severity of the issue and the age of the release, but we are only committing to the latest version released. +We may fix the vulnerability to older versions depending on the severity of the issue and the age of the release, but we are only committing to the versions mentioned above as supported. == Handling security issues -If you represent a Quarkus extension or a Quarkus platform, you are welcome to subscribe to the security at quarkus.io mailing list. Your subscription will only be approved if you can demonstrate that you will handle issues in confidence and properly credit reporters for discovering issues (e.g. experience with embargoe process). +If you represent a Quarkus extension or a Quarkus platform, you are welcome to subscribe to the security at quarkus.io mailing list. Your subscription will only be approved if you can demonstrate that you will handle issues in confidence and properly credit reporters for discovering issues (e.g. experience with embargo process).
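Review bot: In the first hunk (security.adoc, the new [WARNING] block), the text tells readers to "Follow the instructions given in this page" without pointing at where those instructions are, even though the block sits directly above "== Reporting security issues". Consider an explicit cross-reference to that section so that someone who only reads the admonition is sent straight to the private reporting channel, and change "in this page" to "on this page".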
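Review bot: In the second hunk (the supported-versions table), the unchanged sentence just above the table still says the community fixes security bugs "for the latest major.minor version", while the new table marks three lines as supported (Latest 3.x, 3.2 LTS, Latest 2.x). The closing sentence was updated to "the versions mentioned above as supported", so the opening sentence should be reworded to match, otherwise the policy contradicts itself. Two smaller points: the "|Older 2.x" and "|< 2.0" rows are not separated by a blank line like the other rows, which is worth making consistent, and "fix the vulnerability to older versions" would read better as "backport the fix to older versions".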