
Commit 264aaa5

Add security disclosure info to README/CONTRIBUTING docs
1 parent 43a65f7 commit 264aaa5

2 files changed

+29
-1
lines changed

CONTRIBUTING.md

Lines changed: 15 additions & 1 deletion
@@ -19,7 +19,21 @@ read/subscribe to the following resources:
1919

2020
If you are working on new features, or refactoring an existing
2121
component, please create a proposal. You can do this in on the RFC's
22-
page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s.
22+
page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s.
23+
24+
## Reporting Potential Security Issues
25+
26+
If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [[email protected]](mailto:[email protected]). We will work with you to verify the vulnerability and patch it.
27+
28+
When reporting issues, please provide the following information:
29+
30+
- Component(s) affected
31+
- A description indicating how to reproduce the issue
32+
- A summary of the security vulnerability and impact
33+
34+
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.
35+
36+
For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).
2337

2438
## RUNNING TESTS
2539
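Review bot: The PGP key link on added line 36 points at `http://framework.zend.com/zf-security-pgp-key.asc`, so a reporter fetching it has no way to confirm the key was not swapped in transit, which undermines the "sensitive email communications" it is meant to protect. Link the key over HTTPS and print its full fingerprint next to the link so it can be checked against a second source. Separately, the removed and added versions of line 22 read identically here, so that pair looks like a whitespace or end-of-file newline change; worth confirming it is intentional. The new heading is also in title case while the next heading, `## RUNNING TESTS`, is upper case.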

README.md

Lines changed: 14 additions & 0 deletions
@@ -47,6 +47,20 @@ If you would like to be notified of new releases, you can subscribe to
4747
the fw-announce mailing list by sending a blank message to
4848
4949

50+
## Reporting Potential Security Issues
51+
52+
If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [[email protected]](mailto:[email protected]). We will work with you to verify the vulnerability and patch it.
53+
54+
When reporting issues, please provide the following information:
55+
56+
- Component(s) affected
57+
- A description indicating how to reproduce the issue
58+
- A summary of the security vulnerability and impact
59+
60+
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.
61+
62+
For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).
63+
5064
### LICENSE
5165

5266
The files in this archive are released under the Zend Framework license.
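Review bot: Added lines 50-62 repeat the CONTRIBUTING.md section word for word, so the reporting address, the requested report contents and the PGP key URL now have to be kept in sync in two files. Keep the full text in one place and have the other file carry a short pointer to it, so a later change to the contact or key cannot leave a stale copy behind. The heading level also needs a look: the new section uses `##` while the section that follows is `### LICENSE`, which makes LICENSE render as a subsection of the security section. The plain-HTTP key link on line 62 has the same integrity problem as in CONTRIBUTING.md.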
