mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
abf5151653
* Updates up to "PROJECT" Capitalisation of headings and buttons using the rules recommended here: https://grammar.yourdictionary.com/capitalization/rules-for-capitalization-in-titles.html * Spell checking and minor improvements * only deploy docs on master * Improved reference to security repo. * Completed en.json and re-worked de.json up to "VALIDATION". * Re-work up to "MEMBERSHIP" * Completed language strings. * Updates to INVALIDPATTERN. Proposal for the message string in English and German . * Re-work of personal pronouns in German language strings. Changing de.json from "Sie" to "Du" and other improvements. * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update SECURITY.md Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update console/src/assets/i18n/de.json * Apply suggestions from code review * Update console/src/assets/i18n/de.json * Update console/src/assets/i18n/de.json * Update console/src/assets/i18n/en.json Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
43 lines
1.5 KiB
Markdown
43 lines
1.5 KiB
Markdown
# Security Policy
|
|
|
|
At CAOS we are extremely grateful for security aware people who disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
|
|
|
|
## Supported Versions
|
|
|
|
After the initial Release the following version support will apply
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 1.x.x | :white_check_mark: (not yet available) |
|
|
| 0.x.x | :x: |
|
|
|
|
## Reporting a vulnerability
|
|
|
|
To file an incident, please disclose it by e-mail to security@zitadel.ch including the details of the vulnerability.
|
|
|
|
At the moment GPG encryption is no yet supported, however you may sign your message at will.
|
|
|
|
### When should I report a vulnerability
|
|
|
|
* You think you discovered a
|
|
* potential security vulnerability in `ZITADEL`
|
|
* vulnerability in another project that `ZITADEL` is based on
|
|
* For projects with their own vulnerability reporting and disclosure process, please report it directly there
|
|
|
|
### When should I NOT report a vulnerability
|
|
|
|
* You need help applying security related updates
|
|
* Your issue is not security related
|
|
|
|
## Security Vulnerability Response
|
|
|
|
TBD
|
|
|
|
## Public Disclosure
|
|
|
|
All accepted and mitigated vulnerabilities will be published on [ZITADEL's GitHub Security Page](https://github.com/caos/zitadel/security/advisories).
|
|
|
|
### Timing
|
|
|
|
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days.
|