Skip to content

Commit fa8137b

Browse files
committed
Add security policy
1 parent ada9896 commit fa8137b

1 file changed

Lines changed: 29 additions & 0 deletions

File tree

.github/SECURITY.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
We support fixing security issues on the following releases:
6+
7+
| Version | Supported | Security fixes until
8+
| ------- | ------------------ | --------------------
9+
| 4.x | :white_check_mark: | Currently supported
10+
| 3.x | :white_check_mark: | The release of 5.x
11+
| 2.x | :white_check_mark: | 36 Months after the release of CakePHP 5.0 (09 Sep 2026)
12+
| 1.x | :x: | No longer supported
13+
14+
## Reporting a Vulnerability
15+
16+
If you've found a security issue in the CakePHP Authentication plugin, please use the following procedure
17+
instead of the normal bug reporting system. Instead of using the bug tracker,
18+
or one of the support forums please send an email to security [at] cakephp.org. Emails
19+
sent to this address go to the CakePHP core team on a private mailing list.
20+
21+
For each report, we try to first confirm the vulnerability. Once confirmed,
22+
the CakePHP team will take the following actions:
23+
24+
* Acknowledge to the reporter that we've received the issue, and are
25+
working on a fix. We ask that the reporter keep the issue confidential until we announce it.
26+
* Get a fix/patch prepared.
27+
* Prepare a post describing the vulnerability, and the possible exploits.
28+
* Release new versions of all affected versions.
29+
* Prominently feature the problem in the release announcement

0 commit comments

Comments
 (0)