开源项目 > 开发工具 > 版本管理系统 &&

加入 Gitee

与超过 1200万开发者一起发现、参与优秀开源项目，私有仓库也完全免费：）

克隆/下载

SECURITY.md 1.25 KB

# Security policy

## Supported versions

Only lastest two minor version releases are supported (>= 0.12) for accepting vulnerability reports and patching fixes.

Existing vulnerability reports are being tracked in [Gogs Vulnerability Reports](https://jcunknwon.notion.site/Gogs-Vulnerability-Reports-81d7df52e45c4f159274e46ba48ed1b9).

## Vulnerability lifecycle

1. Report a vulnerability:
    - We strongly enourage to use https://huntr.dev/ for submitting and managing status of vulnerability reports.
    - Alternatively, you may send vulnerability reports through emails to [security@gogs.io](mailto:security@gogs.io).
1. Create a [dummy issue](https://github.com/gogs/gogs/issues/6901) with high-level description of the security vulnerability for credibility and tracking purposes.
1. Project maintainers review the report and either:
    - Ask clarifying questions
    - Confirm or deny the vulnerability
1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
    - The latter is usually significantly slower.
1. Patch releases will be made for the supported versions.
1. Publish the original vulnerability report and a new [GitHub security advisory](https://github.com/gogs/gogs/security/advisories).

Thank you!

一键复制原始数据按行查看历史

提交于 2022-04-09 14:02 . SECURITY: refer dummy issue to a simpler example (#6902)

Security policy

Supported versions

Only lastest two minor version releases are supported (>= 0.12) for accepting vulnerability reports and patching fixes.

Existing vulnerability reports are being tracked in Gogs Vulnerability Reports.

Vulnerability lifecycle

Report a vulnerability:
- We strongly enourage to use https://huntr.dev/ for submitting and managing status of vulnerability reports.
- Alternatively, you may send vulnerability reports through emails to security@gogs.io.
Create a dummy issue with high-level description of the security vulnerability for credibility and tracking purposes.
Project maintainers review the report and either:
- Ask clarifying questions
- Confirm or deny the vulnerability
Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
- The latter is usually significantly slower.
Patch releases will be made for the supported versions.
Publish the original vulnerability report and a new GitHub security advisory.

Thank you!

Go

1

https://gitee.com/unknwon/gogs.git

git@gitee.com:unknwon/gogs.git

unknwon

gogs

gogs

main