Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-03-12 16:42:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Updates
Some checks are pending
Docker / build (push) Waiting to run
Details
Docker Image CI / build (push) Waiting to run
Details
Release Charts / release (push) Waiting to run
Details
Test suite / Meteor tests (push) Waiting to run
Details
Test suite / Coverage report (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
Lauri Ojansivu 2026-03-12 00:34:36 +02:00
parent c51dda315f
commit 98f7403f6f
1 changed files with 17 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

24
SECURITY.md
View file

@ -1,13 +1,23 @@
## Responsible Security Disclosure
- To send email, is possible, use PGP key [security-at-wekan.fi.asc](security-at-wekan.fi.asc)
- Send info about security issue ONLY to security@wekan.fi . NOT TO ANYWHERE ELSE. NO CC, NO BCC.
You have no permission to share details with anyone else.
You have no permission to request any new GHSA or CVE ID or write technical posts or talks about vulnerabilities.
All vulnerability details are private to security@wekan.fi only.
- Wait for new WeKan release that fixes security issue
- If you approve, we thank you by adding you to Hall of Fame: https://wekan.fi/hall-of-fame/
1. To send email, if possible, use PGP key [security-at-wekan.fi.asc](security-at-wekan.fi.asc)
2. Send info about security issue ONLY to security@wekan.fi . NOT TO ANYWHERE ELSE. NO CC, NO BCC.
3. Wait for new WeKan release that fixes security issue to appear to top of
https://github.com/wekan/wekan/blob/main/CHANGELOG.md
4. We will thank you by adding you to Hall of Fame: https://wekan.fi/hall-of-fame/
5. All vulnerability details will be private to security@wekan.fi ,
unless you help all WeKan platforms to have a way to upgrade, like sending
database migrations code to security@wekan.fi or PRs to https://github.com/wekan/wekan/pulls .
There is no benefit to Wordwide Security Community to have more details about vulnerabilities,
if Worldwide Security Community does not help to make upgrades possible.
6. If there some day becomes available a way to upgrade all WeKan platforms,
this page will be updated to add permission for security researchers
to request new GHSA or CVE ID and publish your vulnerability details at your blog, talks, etc,
and send that info also to security@wekan.fi to be added to
Hall of Fame: https://wekan.fi/hall-of-fame/ to get Upgrade Bonus Point Stars.
In that case, it will become possible for security@wekan.fi to publish all
remaining private security details, and publicly thank Worldwide Security Community.
## Bonus Points