mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-08-05 10:35:41 +02:00
ci/docs: add vulnerability scanning workflow & security policy (#3106)
This commit is contained in:
parent
972406099e
commit
4e82d4de54
3 changed files with 91 additions and 0 deletions
14
SECURITY.md
Normal file
|
@ -0,0 +1,14 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
Due to the way DMS is released, the most recent patches and the most current software is published on the `:edge` tag of the container image. Hence, security updates will land on this "rolling release tag". Older tags need manual updating, as we do not usually release an updated image for an existing tag; this will only be done in case of _severe_ vulnerabilities.
|
||||
|
||||
| Image Tags | Latest Packages & Patches |
|
||||
|-------------|:-------------------------:|
|
||||
| `:edge` | :white_check_mark: |
|
||||
| not `:edge` | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
When reporting a vulnerability, you can use GitHub's "Private Vulnerability Reporting". Just navigate to the [Open an Issue](https://github.com/docker-mailserver/docker-mailserver/issues/new/choose) page and choose "Report a security vulnerability". This way, maintainers will privately notified first. Afterwards, in a best-case scenario, if the vulnerability is fixed, the report will be made public.
|
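Review bot: In the "Reporting a Vulnerability" paragraph, "maintainers will privately notified first" is missing a verb and should read "maintainers will be privately notified first". The same paragraph says the report is made public "if the vulnerability is fixed" but gives no expected acknowledgement time and no statement of what happens to a report that is not fixed, so a reporter cannot tell when disclosure is appropriate; consider adding one sentence on each. In "Supported Versions", "the most recent patches and the most current software is published" should use "are published", and the table marks every tag other than `:edge` with `:x:` while the text says existing tags are updated for _severe_ vulnerabilities; a short note under the table pointing back to that exception would keep the two consistent.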