Commit
1 parent ee78ae5
commit 7c881de
Showing 1 changed file with 4 additions and 4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,13 @@ | ||
# Security Policy | ||
|
||
ImageMagick best practices **strongly** encourages you to configure a [security policy](https://legacy.imagemagick.org/script/security-policy.php) that suits your local environment. | ||
It is strongly recommended to establish a [security policy](https://legacy.imagemagick.org/script/security-policy.php) suitable for your local environment before utilizing ImageMagick. | ||
|
||
## Supported Versions | ||
|
||
We encourage users to upgrade to the lastest ImageMagick release to ensure that all known security vulnerabilities are addressed. On request, we can backport security fixes to other ImageMagick versions. | ||
We encourage users to upgrade to the latest ImageMagick release to ensure that all known security vulnerabilities are addressed. On request, we can backport security fixes to other ImageMagick versions. | ||
|
||
## Reporting a Vulnerability | ||
|
||
Post any vulnerability as an [issue](https://github.com/ImageMagick/ImageMagick6/issues). Or you can post privately to the ImageMagick development [team](https://imagemagick.org/script/contact.php). Most vulnerabilities are fixed within 48 hours. | ||
Before you post a vulnerability, first determine if the vulnerability can be mitigated by the security policy. ImageMagick, by default, is open. Use the security policy to add constraints to meet the requirements of your local security governance. If you feel confident that the security policy does not address the vulnerability, post the vulnerability as an [issue](https://github.com/ImageMagick/ImageMagick6/issues). Or you can post privately to the ImageMagick development [team](https://imagemagick.org/script/contact.php). Most vulnerabilities are fixed within 48 hours. | ||
|
||
In addition, request a [CVE](https://cve.mitre.org/cve/request_id.html). We rely on you to post CVE's so our development team can concentrate on delivering a robust security patch. | ||
In addition, request a [CVE](https://www.cve.org/ResourcesSupport/ReportRequest). We rely on you to post CVE's so our development team can concentrate on delivering a robust security patch. |
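Review bot: In the "Reporting a Vulnerability" paragraph, the new sentences ask reporters to check the security policy before posting, but they neither link the policy at that point nor say what "ImageMagick, by default, is open" means, so a reporter cannot tell which constraints count as a mitigation. Suggest repeating the security-policy link from the opening paragraph there and spelling out "open" in one clause (for example, that no restrictions apply until a policy is configured, if that is what is meant). The same paragraph still names the public issue tracker before the private contact link; consider putting the private channel first for reports of unfixed vulnerabilities. Minor, since the last line is being touched anyway: "CVE's" should be "CVEs".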