mirror of
https://github.com/openzfs/zfs.git
synced 2026-07-16 17:27:25 +02:00
Add SECURITY.md policy file
CodeQL / Analyze (cpp) (push) Has been cancelled
unit-tests / unit-tests (push) Has been cancelled
checkstyle / checkstyle (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
smatch / smatch (push) Has been cancelled
zfs-arm / ZFS ARM build (push) Has been cancelled
zfs-qemu / Setup (push) Has been cancelled
zloop / zloop (push) Has been cancelled
zfs-qemu / qemu-x86 (push) Has been cancelled
zfs-qemu / Cleanup (push) Has been cancelled
CodeQL / Analyze (cpp) (push) Has been cancelled
unit-tests / unit-tests (push) Has been cancelled
checkstyle / checkstyle (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
smatch / smatch (push) Has been cancelled
zfs-arm / ZFS ARM build (push) Has been cancelled
zfs-qemu / Setup (push) Has been cancelled
zloop / zloop (push) Has been cancelled
zfs-qemu / qemu-x86 (push) Has been cancelled
zfs-qemu / Cleanup (push) Has been cancelled
Add a basic SECURITY.md file to establish the repository's security reporting policy. Includes guidance for reporting security issues and what to expect. Reviewed-by: Allan Jude <allan@klarasystems.com> Reviewed-by: George Melikov <mail@gmelikov.ru> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #18766
This commit is contained in:
@@ -59,6 +59,7 @@
|
||||
!NOTICE
|
||||
!README.md
|
||||
!RELEASES.md
|
||||
!SECURITY.md
|
||||
!TEST
|
||||
!zfs.release.in
|
||||
|
||||
|
||||
+29
@@ -0,0 +1,29 @@
|
||||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
We encourage responsible disclosure of security vulnerabilities. If you
|
||||
find something suspicious, we encourage and appreciate your report.
|
||||
|
||||
The preferred way to report a vulnerability is to use the
|
||||
**"Report a vulnerability"** button under the **Security** tab of the
|
||||
OpenZFS GitHub repository. This creates a private communication channel
|
||||
between you and the maintainers, allowing us to review the report
|
||||
confidentially and respond as quickly as possible.
|
||||
|
||||
Please include, if possible:
|
||||
|
||||
- A clear description of the issue
|
||||
- Steps to reproduce the problem
|
||||
- Affected versions or branches
|
||||
- Any proof of concept, logs, or screenshots
|
||||
- Your assessment of the potential impact
|
||||
|
||||
## What to Expect
|
||||
|
||||
- We will review security reports as soon as practical.
|
||||
- We may ask follow-up questions to better understand the issue.
|
||||
- Please allow time for investigation and coordination before public
|
||||
disclosure.
|
||||
- If the issue is confirmed, we will work on a fix and release a security
|
||||
update as needed for supported OpenZFS versions.
|
||||
Reference in New Issue
Block a user