Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-03-13 17:06:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Updates

Browse source
This commit is contained in:
Lauri Ojansivu 2026-03-12 00:34:36 +02:00 committed by wekan
parent 90d9805abf
commit 9604598a79
1 changed files with 17 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

24
SECURITY.md
View file

@ -1,13 +1,23 @@
## Responsible Security Disclosure ## Responsible Security Disclosure
- To send email, is possible, use PGP key [security-at-wekan.fi.asc](security-at-wekan.fi.asc) 1. To send email, if possible, use PGP key [security-at-wekan.fi.asc](security-at-wekan.fi.asc)
- Send info about security issue ONLY to security@wekan.fi . NOT TO ANYWHERE ELSE. NO CC, NO BCC. 2. Send info about security issue ONLY to security@wekan.fi . NOT TO ANYWHERE ELSE. NO CC, NO BCC.
You have no permission to share details with anyone else. 3. Wait for new WeKan release that fixes security issue to appear to top of
You have no permission to request any new GHSA or CVE ID or write technical posts or talks about vulnerabilities. https://github.com/wekan/wekan/blob/main/CHANGELOG.md
All vulnerability details are private to security@wekan.fi only. 4. We will thank you by adding you to Hall of Fame: https://wekan.fi/hall-of-fame/
- Wait for new WeKan release that fixes security issue 5. All vulnerability details will be private to security@wekan.fi ,
- If you approve, we thank you by adding you to Hall of Fame: https://wekan.fi/hall-of-fame/ unless you help all WeKan platforms to have a way to upgrade, like sending
database migrations code to security@wekan.fi or PRs to https://github.com/wekan/wekan/pulls .
There is no benefit to Wordwide Security Community to have more details about vulnerabilities,
if Worldwide Security Community does not help to make upgrades possible.
6. If there some day becomes available a way to upgrade all WeKan platforms,
this page will be updated to add permission for security researchers
to request new GHSA or CVE ID and publish your vulnerability details at your blog, talks, etc,
and send that info also to security@wekan.fi to be added to
Hall of Fame: https://wekan.fi/hall-of-fame/ to get Upgrade Bonus Point Stars.
In that case, it will become possible for security@wekan.fi to publish all
remaining private security details, and publicly thank Worldwide Security Community.
## Bonus Points ## Bonus Points