Improve: SECURITY.md for clarity and detail + Adding PVE9 as supported (#7690)
parent
ea58fdb7e0
commit
7961023f8c
52
SECURITY.md
@ -1,8 +1,12 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
## Supported Versions
|
## Supported Versions
|
||||||
This project currently supports the following versions of Proxmox VE:
|
|
||||||
|
This project currently supports the following versions of Proxmox VE (PVE):
|
||||||
|
|
||||||
| Version | Supported |
|
| Version | Supported |
|
||||||
| ------- | ------------------ |
|
| ------- | ------------------ |
|
||||||
|
| 9.0.x | :white_check_mark: |
|
||||||
| 8.4.x | :white_check_mark: |
|
| 8.4.x | :white_check_mark: |
|
||||||
| 8.3.x | :white_check_mark: |
|
| 8.3.x | :white_check_mark: |
|
||||||
| 8.2.x | :white_check_mark: |
|
| 8.2.x | :white_check_mark: |
|
||||||
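Review bot: The intro sentence now defines the abbreviation "(PVE)", but nothing else in the visible file uses it, so the parenthetical adds no value as written; either drop it or use it where it saves words, for example a "PVE Version" table header. Separately, the added `| 9.0.x | :white_check_mark: |` row pins a single minor like the 8.x rows do, so each later 9.x minor will need its own edit here; if that is intended, a short sentence saying the table is updated per minor release would keep readers from assuming an unlisted version is covered.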
@ -10,15 +14,51 @@ This project currently supports the following versions of Proxmox VE:
|
|||||||
| 8.0.x | Limited support* ❕ |
|
| 8.0.x | Limited support* ❕ |
|
||||||
| < 8.0 | :x: |
|
| < 8.0 | :x: |
|
||||||
|
|
||||||
*Version 8.0.x has limited support. Security updates may not be provided for all issues in this version.
|
*Version 8.0.x has limited support. Security updates may not be provided for all issues affecting this version.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
Security vulnerabilities shouldn’t be reported publicly to prevent potential exploitation. Instead, please report any vulnerabilities privately by reaching out directly to us. You can either join our [Discord server](https://discord.gg/jsYVk5JBxq) and send a direct message to a maintainer or contact us via email at contact@community-scripts.org. Be sure to include a detailed description of the vulnerability and the steps to reproduce it. Thank you for helping us keep our project secure!
|
Security vulnerabilities must not be reported publicly to avoid potential exploitation.
|
||||||
|
Instead, please report them privately via one of the following channels:
|
||||||
|
|
||||||
Once a vulnerability has been reported, the project maintainers will review it and acknowledge the report within 7 business days. We will then work to address the vulnerability and provide a fix as soon as possible. Depending on the severity of the issue, a patch may be released immediately or included in the next scheduled update.
|
- **Discord**: Join our [Discord server](https://discord.gg/jsYVk5JBxq) and send a direct message to a maintainer.
|
||||||
|
- **Email**: Write to us at **contact@community-scripts.org** with the subject line:
|
||||||
|
`Vulnerability Report - <Project/Script Name>`.
|
||||||
|
|
||||||
Please note that not all reported vulnerabilities may be accepted. The project maintainers reserve the right to decline a vulnerability report if it is deemed to be a low-risk issue or if it conflicts with the project's design or architecture. In such cases, we will provide an explanation for the decision.
|
When reporting a vulnerability, please provide:
|
||||||
|
|
||||||
If you have any questions or concerns about this security policy, please don't hesitate to contact the project maintainers.
|
- A clear description of the issue
|
||||||
|
- Steps to reproduce the vulnerability
|
||||||
|
- Affected versions or environments
|
||||||
|
- (Optional) Suggested fixes or workarounds
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Response Process
|
||||||
|
|
||||||
|
1. **Acknowledgment**
|
||||||
|
- We will review and acknowledge your report within **7 business days**.
|
||||||
|
|
||||||
|
2. **Assessment**
|
||||||
|
- The maintainers will verify the issue and classify its severity.
|
||||||
|
- Depending on impact, a patch may be released immediately or scheduled for the next update.
|
||||||
|
|
||||||
|
3. **Resolution**
|
||||||
|
- Critical security fixes will be prioritized.
|
||||||
|
- Non-critical issues may be deferred or declined with an explanation.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Disclaimer
|
||||||
|
|
||||||
|
Not all reported issues will be treated as vulnerabilities.
|
||||||
|
Reports may be declined if they are deemed:
|
||||||
|
- Low-risk
|
||||||
|
- Out of project scope
|
||||||
|
- Conflicting with intended design or architecture
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
If you have any questions or concerns about this security policy, please reach out to the maintainers through the contact options above.
|
||||||
|
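Review bot: The Discord bullet tells reporters to "send a direct message to a maintainer" without saying how to identify one, so a reporter cannot confirm that the account receiving the vulnerability details belongs to the project; name the server role or link a maintainer list next to that bullet. The rewrite also drops two commitments the old text made: "provide a fix as soon as possible" has no counterpart in the Response Process, and the Disclaimer's "Reports may be declined" list no longer promises an explanation (only the Resolution bullet for non-critical issues does). Consider restoring both, and adding a line on when reporters can expect a status update after the 7 business day acknowledgment.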