[postgis-tickets] [SCM] PostGIS branch stable-2.4 updated. 95a984c4e3b2f51f60b48c1704729c00f5bd59f1
git at osgeo.org
Wed Dec 11 06:22:20 PST 2019
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".
The branch, stable-2.4 has been updated
via 95a984c4e3b2f51f60b48c1704729c00f5bd59f1 (commit)
from 73c0e11c754b47dd80b16b313c65ddb10bdbfdc6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 95a984c4e3b2f51f60b48c1704729c00f5bd59f1
Author: Raúl Marín <git at rmr.ninja>
Date: Wed Dec 11 15:18:18 2019 +0100
Include a security notice
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..b920913
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security Policies and Procedures
+
+If you believe you have found a security vulnerability in PostGIS please report it to us following the procedure below. We appreciate your efforts to disclose the issue responsibly.
+
+## Reporting a Vulnerability
+
+To report a security issue, please email the team at [security at postgis.net](mailto:security at postgis.net), which is a private maintainer-only group. The security team will reply as soon as
+possible to acknowledge the receipt of your message and to discuss future steps or request additional information.
+
+For reporting non-security issues, please use the traditional channels and open a [Trac ticket](https://trac.osgeo.org/postgis/) or use the public mailing lists ([users](https://lists.osgeo.org/mailman/listinfo/postgis-users) and [devel](https://lists.osgeo.org/mailman/listinfo/postgis-devel).
+
+To help us better diagnose the issue, please include the following information (as much as you can provide):
+
+- Current PostGIS version: `SELECT postgis_full_version();`.
+- Current PostgreSQL version: `SELECT version();`.
+- Step by step instructions to reproduce the issue.
+
+## Procedure
+
+Upon receiving a vulnerability report, the security team will:
+
+* Confirm the vulnerability and the affected releases.
+* Verify if there are similar problems in the code.
+* Patch all releases still under maintenance and release micro versions including the fix.
+
+Please note that issues in [unsupported releases](https://trac.osgeo.org/postgis/wiki/UsersWikiPostgreSQLPostGIS) will likely not be addressed, and issues with third party dependencies need to be reported to the team maintaining them.
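Review bot: In the paragraph on non-security issues, the parenthesis opened before `[users]` is never closed: the line ends `[devel](https://lists.osgeo.org/mailman/listinfo/postgis-devel).` and should end `...postgis-devel)).` so the Markdown renders cleanly. In "Reporting a Vulnerability", the reply is promised "as soon as possible" with no target acknowledgement window, and email is the only channel offered, with no key for encrypting report details; consider stating an expected response time and publishing a key or another private channel. That same paragraph is also hard-wrapped mid-sentence after "as soon as", while every other paragraph in the file is a single line; joining the two lines would keep the file consistent.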
-----------------------------------------------------------------------
Summary of changes:
SECURITY.md | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 SECURITY.md
hooks/post-receive
--
PostGIS