[postgis-tickets] [SCM] PostGIS branch master updated. cbe8fc68ce0a28edbdc757a40569cc6a70c616b2

git at osgeo.org git at osgeo.org
Wed Dec 11 06:18:29 PST 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".

The branch, master has been updated
       via  cbe8fc68ce0a28edbdc757a40569cc6a70c616b2 (commit)
      from  e18a0b84dfa0995f3f78d52227aceb3b3e494a52 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cbe8fc68ce0a28edbdc757a40569cc6a70c616b2
Author: Raúl Marín <git at rmr.ninja>
Date:   Wed Dec 11 15:18:18 2019 +0100

    Include a security notice

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..b920913
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security Policies and Procedures
+
+If you believe you have found a security vulnerability in PostGIS please report it to us following the procedure below. We appreciate your efforts to disclose the issue responsibly.
+
+## Reporting a Vulnerability
+
+To report a security issue, please email the team at [security at postgis.net](mailto:security at postgis.net), which is a private maintainer-only group. The security team will reply as soon as
+possible to acknowledge the receipt of your message and to discuss future steps or request additional information.
+
+For reporting non-security issues, please use the traditional channels and open a [Trac ticket](https://trac.osgeo.org/postgis/) or use the public mailing lists ([users](https://lists.osgeo.org/mailman/listinfo/postgis-users) and [devel](https://lists.osgeo.org/mailman/listinfo/postgis-devel).
+
+To help us better diagnose the issue, please include the following information (as much as you can provide):
+
+- Current PostGIS version: `SELECT postgis_full_version();`.
+- Current PostgreSQL version: `SELECT version();`.
+- Step by step instructions to reproduce the issue.
+
+## Procedure
+
+Upon receiving a vulnerability report, the security team will:
+
+* Confirm the vulnerability and the affected releases.
+* Verify if there are similar problems in the code.
+* Patch all releases still under maintenance and release micro versions including the fix.
+
+Please note that issues in [unsupported releases](https://trac.osgeo.org/postgis/wiki/UsersWikiPostgreSQLPostGIS) will likely not be addressed, and issues with third party dependencies need to be reported to the team maintaining them.
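
Review bot: In the paragraph on reporting non-security issues, the parenthesis opened before `[users]` is never closed: the sentence ends at the `)` that terminates the devel link URL, so the rendered text reads "(users and devel." Add a closing `)` before the final period. Separately, the Procedure list ends at releasing patched micro versions and says nothing about whether the reporter is told when the fix ships or how the fix is announced; a further bullet covering that would tell reporters what to expect after they have sent the e-mail.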

-----------------------------------------------------------------------

Summary of changes:
 SECURITY.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 SECURITY.md


hooks/post-receive
-- 
PostGIS

