RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: misc fixes (#5088)

pull/5089/head
James Elliott 2023-03-19 17:57:26 +11:00 committed by GitHub
parent a2b3cbd794
commit d5a4de2d98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
SECURITY.md
View File

@ -66,8 +66,13 @@ with the `Core Team` role.
5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
image, and git patch.
6. The patch is confirmed to resolve the vulnerability.
7. The fix is released.
8. The [security advisory] is published sometime after users have had a chance to update.
7. The fix is released and users are notified that they should update urgently.
8. The [security advisory] is published when (whichever happens sooner):
- The CVE details are published by [MITRE], [NIST], etc.
- Roughly 7 days after users have been notified the update is available.
[MITRE]: https://www.mitre.org/
[NIST]: https://www.nist.gov/
## Credit

7
docs/content/en/information/contact.md
View File

@ -26,9 +26,10 @@ informational page.
The [GitHub Discussions](https://github.com/authelia/authelia/discussions) forum is the correct location to discus
anything that is not a bug or feature request such as:
- Ideas about
If you have a general question or want to discuss an idea that you're not entirely sure about out please visit
[GitHub Discussions](https://github.com/authelia/authelia/discussions) and start a new discussion.
- Ideas about future features where it's not clear most people can use it (allows users to vote on it)
- Questions / Support Requests
- Sharing configuration or utilization ideas (i.e. show your setup) for things that are not obvious
- Any issue you're experiencing that may or may not be a bug (i.e you're unsure if it's a bug)
### Issues

9
docs/content/en/policies/security.md
View File

@ -71,8 +71,13 @@ The core team members are identified in [Matrix](../information/contact.md#matri
5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker
image, and git patch.
6. The patch is confirmed to resolve the vulnerability.
7. The fix is released.
8. The [security advisory] is published sometime after users have had a chance to update.
7. The fix is released and users are notified that they should update urgently.
8. The [security advisory] is published when (whichever happens sooner):
- The CVE details are published by [MITRE], [NIST], etc.
- Roughly 7 days after users have been notified the update is available.
[MITRE]: https://www.mitre.org/
[NIST]: https://www.nist.gov/
## Credit