[nginx] Added security policy.
noreply at nginx.com
noreply at nginx.com
Mon Sep 2 16:11:02 UTC 2024
details: https://github.com/nginx/nginx/commit/3b16b46aae979b9a130c5dd42430dda37b623282
branches: master
commit: 3b16b46aae979b9a130c5dd42430dda37b623282
user: Maryna Herasimovich <m.herasimovich at f5.com>
date: Wed, 28 Aug 2024 20:51:54 -0700
description:
Added security policy.
---
SECURITY.md | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..2b48e47e3
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Latest Versions
+
+We advise users to run the most recent mainline or stable release of nginx.
+
+## Reporting a Vulnerability
+
+Please report any vulnerabilities via one of the following methods
+(in order of preference):
+
+1. [Report a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)
+within this repository. We are using the Github workflow that allows us to
+manage vulnerabilities in a private manner and to interact with reporters
+securely.
+
+2. [Report directly to F5](https://www.f5.com/services/support/report-a-vulnerability).
+
+3. Report via email to security-alert at nginx.org.
+This method will be deprecated in the future.
More information about the nginx-devel
mailing list