Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#48521 closed enhancement (fixed)

Add a GitHub Security Policy

Reported by: whyisjake Owned by: whyisjake
Milestone: 5.4 Priority: normal
Severity: normal Version: 5.3
Component: Security Keywords:
Focuses: Cc:


As part of the work that the Core Security team is undertaking, we should create a Security Policy for GitHub.

This document will live at the root of wordpress-develop, and will serve as a public-facing document detailing the security policies for core.

Attachments (1)

48521.diff (6.7 KB) - added by whyisjake 4 years ago.


Change History (8)

#1 @SergeyBiryukov
4 years ago

  • Component changed from General to Security

#2 @ayeshrajans
4 years ago

Yay this is nice.
Shouldn't we link to the HackerOne page from the file?

This ticket was mentioned in Slack in #core-committers by whyisjake.

4 years ago

#4 @whyisjake
4 years ago

  • Owner set to whyisjake
  • Resolution set to fixed
  • Status changed from assigned to closed

In 46735:

Security: Add a GitHub Security Policy.

As part of more responsible security disclosure, we are adding a security policy to GitHub.

Fixes #48521.
Props whyisjake, ayeshrajans.

#5 @ayeshrajans
4 years ago

#47368 was marked as a duplicate.

#6 @SergeyBiryukov
4 years ago

In 46736:

Security: Add WordPress 5.3.x to the "Supported Versions" section of GitHub Security Policy.

Props imath.
Fixes #48667. See #48521.

#7 @SergeyBiryukov
3 years ago

In 47403:

Tests: Add a unit test to ensure the "Supported Versions" section of GitHub Security Policy always includes the latest stable branch.

See #48667, #48521.