[postgis-tickets] [SCM] PostGIS branch stable-3.0 updated. f443a7cda1aa0bc4c8df71cb80784850704e1c86

git at osgeo.org git at osgeo.org
Wed Dec 11 06:20:42 PST 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".

The branch, stable-3.0 has been updated
       via  f443a7cda1aa0bc4c8df71cb80784850704e1c86 (commit)
      from  44b19e25470dfab632f0ec32842e2487649e8a9a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f443a7cda1aa0bc4c8df71cb80784850704e1c86
Author: Raúl Marín <git at rmr.ninja>
Date:   Wed Dec 11 15:18:18 2019 +0100

    Include a security notice

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..b920913
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security Policies and Procedures
+
+If you believe you have found a security vulnerability in PostGIS please report it to us following the procedure below. We appreciate your efforts to disclose the issue responsibly.
+
+## Reporting a Vulnerability
+
+To report a security issue, please email the team at [security at postgis.net](mailto:security at postgis.net), which is a private maintainer-only group. The security team will reply as soon as
+possible to acknowledge the receipt of your message and to discuss future steps or request additional information.
+
+For reporting non-security issues, please use the traditional channels and open a [Trac ticket](https://trac.osgeo.org/postgis/) or use the public mailing lists ([users](https://lists.osgeo.org/mailman/listinfo/postgis-users) and [devel](https://lists.osgeo.org/mailman/listinfo/postgis-devel).
+
+To help us better diagnose the issue, please include the following information (as much as you can provide):
+
+- Current PostGIS version: `SELECT postgis_full_version();`.
+- Current PostgreSQL version: `SELECT version();`.
+- Step by step instructions to reproduce the issue.
+
+## Procedure
+
+Upon receiving a vulnerability report, the security team will:
+
+* Confirm the vulnerability and the affected releases.
+* Verify if there are similar problems in the code.
+* Patch all releases still under maintenance and release micro versions including the fix.
+
+Please note that issues in [unsupported releases](https://trac.osgeo.org/postgis/wiki/UsersWikiPostgreSQLPostGIS) will likely not be addressed, and issues with third party dependencies need to be reported to the team maintaining them.
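Review bot: The "Procedure" list stops at "Patch all releases still under maintenance and release micro versions including the fix" and never says how or when the issue is made public, or whether the reporter is told the outcome. Consider adding a step for announcing the fix. Also consider replacing "as soon as possible" in the reporting paragraph with a concrete acknowledgement window, so reporters know when to follow up. Separately, the non-security paragraph opens a parenthesis at "([users](" that is never closed: the line ends "listinfo/postgis-devel)." and needs a second ")" before the period. The paragraph starting "To report a security issue" is also hard-wrapped mid-sentence after "as soon as", while every other paragraph in the file is a single line.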

-----------------------------------------------------------------------

Summary of changes:
 SECURITY.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 SECURITY.md


hooks/post-receive
-- 
PostGIS

