-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11 from valkey-io/add-security-policy
adding security policy
- Loading branch information
Showing
3 changed files
with
10 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -158,3 +158,4 @@ valkey | |
| valkeymodules | ||
| virtualenv | ||
| www | ||
| md | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -180,22 +180,10 @@ Please try at least versions of Docker. | |
|
|
||
| ## How to Report a Bug | ||
|
|
||
| ### Security Vulnerabilities | ||
|
|
||
| **NOTE**: If you find a security vulnerability, do NOT open an issue. | ||
| Email [Salvatore Mesoraca (<[email protected]>)](mailto:[email protected]) instead. | ||
|
|
||
| In order to determine whether you are dealing with a security issue, ask | ||
| yourself these two questions: | ||
|
|
||
| - Can I access something that's not mine, or something I shouldn't | ||
| have access to? | ||
| - Can I disable something for other people? | ||
| ### Security Vulnerabilities | ||
|
|
||
| If the answer to either of those two questions are *yes*, then you're | ||
| probably dealing with a security issue. Note that even if you answer | ||
| *no* to both questions, you may still be dealing with a security | ||
| issue, so if you're unsure, just email [us](mailto:[email protected]). | ||
| Reporting a vulnerability? See [SECURITY.md](https://github.com/valkey-io/valkey-py/blob/main/SECURITY.md). | ||
|
|
||
| ### Everything Else | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| ## Reporting a Vulnerability | ||
|
|
||
| If you believe you've discovered a security vulnerability, please contact the Valkey team at [email protected]. | ||
| Please *DO NOT* create an issue. | ||
| We follow a responsible disclosure procedure, so depending on the severity of the issue we may notify Valkey vendors about the issue before releasing it publicly. | ||
| If you would like to be added to our list of vendors, please reach out to the Valkey team at [email protected]. | ||
|
|