RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: misc fixes (#5088)

pull/5089/head
James Elliott 2023-03-19 17:57:26 +11:00 committed by GitHub
parent a2b3cbd794
commit d5a4de2d98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
SECURITY.md
View File

@ -66,8 +66,13 @@ with the `Core Team` role.
5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker 5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
image, and git patch. image, and git patch.
6. The patch is confirmed to resolve the vulnerability. 6. The patch is confirmed to resolve the vulnerability.
7. The fix is released. 7. The fix is released and users are notified that they should update urgently.
8. The [security advisory] is published sometime after users have had a chance to update. 8. The [security advisory] is published when (whichever happens sooner):
- The CVE details are published by [MITRE], [NIST], etc.
- Roughly 7 days after users have been notified the update is available.
[MITRE]: https://www.mitre.org/
[NIST]: https://www.nist.gov/
## Credit ## Credit

7
docs/content/en/information/contact.md
View File

@ -26,9 +26,10 @@ informational page.
The [GitHub Discussions](https://github.com/authelia/authelia/discussions) forum is the correct location to discus The [GitHub Discussions](https://github.com/authelia/authelia/discussions) forum is the correct location to discus
anything that is not a bug or feature request such as: anything that is not a bug or feature request such as:
- Ideas about - Ideas about future features where it's not clear most people can use it (allows users to vote on it)
If you have a general question or want to discuss an idea that you're not entirely sure about out please visit - Questions / Support Requests
[GitHub Discussions](https://github.com/authelia/authelia/discussions) and start a new discussion. - Sharing configuration or utilization ideas (i.e. show your setup) for things that are not obvious
- Any issue you're experiencing that may or may not be a bug (i.e you're unsure if it's a bug)
### Issues ### Issues

9
docs/content/en/policies/security.md
View File

@ -71,8 +71,13 @@ The core team members are identified in [Matrix](../information/contact.md#matri
5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker 5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
image, and git patch. image, and git patch.
6. The patch is confirmed to resolve the vulnerability. 6. The patch is confirmed to resolve the vulnerability.
7. The fix is released. 7. The fix is released and users are notified that they should update urgently.
8. The [security advisory] is published sometime after users have had a chance to update. 8. The [security advisory] is published when (whichever happens sooner):
- The CVE details are published by [MITRE], [NIST], etc.
- Roughly 7 days after users have been notified the update is available.
[MITRE]: https://www.mitre.org/
[NIST]: https://www.nist.gov/
## Credit ## Credit