Skip to content

Security: grinish21/gogs

Security

SECURITY.md

Security policy

Supported versions

Only lastest two minor version releases are supported (>= 0.12) for accepting vulnerability reports and patching fixes.

Existing vulnerability reports are being tracked in GitHub Security Advisories.

Vulnerability lifecycle

Important

Starting Nov 9, 2023 00:00 UTC, only security vulnerabilities reported through GitHub Security Advisories are accepted. Pre-existing vulnerability reported through https://huntr.dev/ or email ([email protected]) will continue to be worked through.

  1. Report a vulnerability
  2. Project maintainers review the report and either:
    • Ask clarifying questions
    • Confirm or deny the vulnerability
  3. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
    • The latter is usually significantly slower.
  4. Patch releases will be made for the supported versions.
  5. Publish the report on GitHub Security Advisories.

Thank you!

There aren’t any published security advisories