Mirror
/
RoundcubeMail
mirror of https://github.com/roundcube/roundcubemail.git
1
0
Fork 0
Code Issues Releases Wiki Activity
RoundCube Webmail
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9310 Commits
58 Branches
196 Tags
151 MiB
Tree: 1.6.11
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1.6.11'
${ noResults }
RoundcubeMail/SECURITY.md

19 lines
1.0 KiB
Raw Permalink Normal View History

Add security policy document
5 years ago
Introduce security@roundcube.net as security contact (#9694) Using a dedicated email address with a dedicated PGP key allows to give multiple people access while still keeping things under wrap. A single, private email address as security contact is such a huge bus factor, which we should avoid. Event just a holiday or illness could lead to escalation due to missing replies. Also, in case of potentially severe security issues Nextcloud's security team must have access to all details and communication. This is already given for all issues reported via hackerone.com, and with this change is now also enabled for issues reported by email. (cherry picked from commit 0440792e4ec8894e04064ac86f3b430b37f62f6f)
9 months ago
Add security policy document
5 years ago
Introduce security@roundcube.net as security contact (#9694) Using a dedicated email address with a dedicated PGP key allows to give multiple people access while still keeping things under wrap. A single, private email address as security contact is such a huge bus factor, which we should avoid. Event just a holiday or illness could lead to escalation due to missing replies. Also, in case of potentially severe security issues Nextcloud's security team must have access to all details and communication. This is already given for all issues reported via hackerone.com, and with this change is now also enabled for issues reported by email. (cherry picked from commit 0440792e4ec8894e04064ac86f3b430b37f62f6f)
9 months ago
Add security policy document
5 years ago
Spelling (#8001)
4 years ago
Add security policy document
5 years ago
  1. # Security Policy
  3. ## Supported Versions
  5. Check our website's [download page](https://roundcube.net/download/) to see which versions are still supported and will receive security updates.
  7. ## Reporting a Vulnerability
  9. If you found a security issue or vulnerability of the software, please report it to [Nextcloud's HackerOne](https://hackerone.com/nextcloud).
  11. Your report should include clear steps for reproduction and a classification of the found vulnerability.
  13. If you prefer, you can also send an encrypted email message to `security [at] roundcube.net`. The [PGP key](https://roundcube.net/download/security.roundcube.net.pub)'s fingerprint is `ACFCF63232B79518E632EC4B0127B799F939816F`.
  15. ## Publishing and Credits
  17. We're dedicated to analyze and fix the reported issues as fast a possible. Usually within days we'll have an update ready.
  18. Together with the reporter we plan the releasing and the disclosure of the found and fixed vulnerability.
  19. Credits to the reporter are granted and can be included in all public communication if desired.