Opened 21 months ago

Closed 21 months ago

Last modified 17 months ago

#48521 closed enhancement (fixed)

Add a GitHub Security Policy

Reported by: whyisjake
Owned by: whyisjake
Milestone: 5.4
Priority: normal
Severity: normal
Version: 5.3
Component: Security
Keywords:
Focuses:
Cc:

Description

As part of the work that the Core Security team is undertaking, we should create a Security Policy for GitHub.

https://help.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository

This document will live at the root of wordpress-develop, and will serve as a public-facing document detailing the security policies for core.

Attachments (1)

48521.diff (6.7 KB) - added by whyisjake 21 months ago.

Change History (8)

@whyisjake
21 months ago

#1 @SergeyBiryukov
21 months ago

  • Component changed from General to Security

#2 @ayeshrajans
21 months ago

Yay this is nice.
Shouldn't we link to the HackerOne page from the SECURITY.md file? https://hackerone.com/wordpress

This ticket was mentioned in Slack in #core-committers by whyisjake.


21 months ago

#4 @whyisjake
21 months ago

  • Owner set to whyisjake
  • Resolution set to fixed
  • Status changed from assigned to closed

In 46735:

Security: Add a GitHub Security Policy.

As part of more responsible security disclosure, we are adding a security policy to GitHub.

Fixes #48521.
Props whyisjake, ayeshrajans.

#5 @ayeshrajans
21 months ago

#47368 was marked as a duplicate.

#6 @SergeyBiryukov
21 months ago

In 46736:

Security: Add WordPress 5.3.x to the "Supported Versions" section of GitHub Security Policy.

Props imath.
Fixes #48667. See #48521.

#7 @SergeyBiryukov
17 months ago

In 47403:

Tests: Add a unit test to ensure the "Supported Versions" section of GitHub Security Policy always includes the latest stable branch.

See #48667, #48521.
