From def99f6902c6ea9721b2b25e02075e8f60a4ba98 Mon Sep 17 00:00:00 2001 From: Sam Geo Date: Thu, 4 Mar 2021 12:33:16 +1100 Subject: [PATCH] Core team to handle security reports --- SECURITY.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index c49606fa5..182f232b9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,11 +1,13 @@ # Security Policy -**PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, [SEE BELOW](#reporting-a-vulnerability).** +**Please do NOT disclose security-related issues in public, [see instructions below](#reporting-a-vulnerability).** ## Supported Versions -October is evergreen, no one version is singled out for security fixes because there is no way to update just one version. Builds are continually released and security fixes will always be available in the latest build. +October CMS is an evergreen product, no one version is singled out for security fixes because there is no way to update just one version. Builds are continually released and security fixes will always be available in the latest build. We encourage all users to upgrade their websites to the latest version. + +In cases where there are platform versioning constraints, such as old version of Laravel or PHP, we will make a best effort to backport security fixes to these compatible versions. ## Reporting a Vulnerability -If you discover a security vulnerability within OctoberCMS, please send an email to Luke Towers at octobercms@luketowers.ca and Samuel Georges at hello@octobercms.com. All security vulnerabilities will be promptly addressed. +If you discover a security vulnerability within October CMS, please send an email the security team at hello@octobercms.com. All security vulnerabilities will be promptly addressed.