author: Mario <mario@mariovavti.com>, 2024-03-14 10:13:22 +0000
committer: Mario <mario@mariovavti.com>, 2024-03-14 10:13:22 +0000
commit: 55097c47c5534d4453f7494f8a1542f7beb4d588 (patch)
tree: 399f81bbd03fcb4bb713339d06512eee962ec8f6 /vendor/ramsey/collection/SECURITY.md
parent: 97b82fc77b424d051b2a472ab2318fd768151bdd (diff)
Revert "composer update and use the fixed streams php-jcs library until the floats issue will be fixed upstream. see here for reference https://codeberg.org/streams/streams/issues/151"
This reverts commit 6bf61dfa6b585db01b607a79bd64ec9c583a9c10.
Diffstat (limited to 'vendor/ramsey/collection/SECURITY.md')
-rw-r--r-- vendor/ramsey/collection/SECURITY.md | 70
1 file changed, 7 insertions, 63 deletions
diff --git a/vendor/ramsey/collection/SECURITY.md b/vendor/ramsey/collection/SECURITY.md index 3de4c0cbd..b052f3b65 100644 --- a/vendor/ramsey/collection/SECURITY.md +++ b/vendor/ramsey/collection/SECURITY.md 
@@ -1,59 +1,29 @@ <!-- - This policy template was created using the HackerOne Policy Builder [1], - with guidance from the National Telecommunications and Information - Administration Coordinated Vulnerability Disclosure Template [2]. + This policy was created using the HackerOne Policy Builder: + https://hackerone.com/policy-builder/ --> -# Vulnerability Disclosure Policy (VDP) - -## Brand Promise - -<!-- - This is your brand promise. Its objective is to "demonstrate a clear, good - faith commitment to customers and other stakeholders potentially impacted by - security vulnerabilities" [2]. ---> +# Vulnerability Disclosure Policy Keeping user information safe and secure is a top priority, and we welcome the contribution of external security researchers. ## Scope -<!-- - This is your initial scope. It tells vulnerability finders and reporters - "which systems and capabilities are 'fair game' versus 'off limits'" [2]. - For software packages, this is often a list of currently maintained versions - of the package. ---> - If you believe you've found a security issue in software that is maintained in this repository, we encourage you to notify us. | Version | In scope | Source code | -| ------- | :------: | ----------- | +| :-----: | :------: | :---------- | | latest | ✅ | https://github.com/ramsey/collection | ## How to Submit a Report -<!-- - This is your communication process. It tells security researchers how to - contact you to report a vulnerability. It may be a link to a web form that - uses HTTPS for secure communication, or it may be an email address. - Optionally, you may choose to include a PGP public key, so that researchers - may send you encrypted messages. ---> - -To submit a vulnerability report, please contact us at security@ramsey.dev. +To submit a vulnerability report, please contact us at <security@ramsey.dev>. Your submission will be reviewed and validated by a member of our team. 
## Safe Harbor -<!-- - This section assures vulnerability finders and reporters that they will - receive good faith responses to their good faith acts. In other words, - "we will not take legal action if..." [2]. ---> - We support safe harbor for security researchers who: * Make a good faith effort to avoid privacy violations, destruction of data, and @@ -63,7 +33,7 @@ We support safe harbor for security researchers who: us immediately, do not proceed with access, and immediately purge any local information. * Provide us with a reasonable amount of time to resolve vulnerabilities prior - to any disclosure to the public or a third party. + to any disclosure to the public or a third-party. We will consider activities conducted consistent with this policy to constitute "authorized" conduct and will not pursue civil action or initiate a complaint to 
@@ -75,41 +45,15 @@ with or unaddressed by this policy. ## Preferences -<!-- - The preferences section sets expectations based on priority and submission - volume, rather than legal objection or restriction [2]. - - According to the NTIA [2]: - - This section is a living document that sets expectations for preferences - and priorities, typically maintained by the support and engineering - team. This can outline classes of vulnerabilities, reporting style - (crash dumps, CVSS scoring, proof-of-concept, etc.), tools, etc. Too - many preferences can set the wrong tone or make reporting findings - difficult to navigate. This section also sets expectations to the - researcher community for what types of issues are considered important - or not. ---> - * Please provide detailed reports with reproducible steps and a clearly defined impact. * Include the version number of the vulnerable package in your report * Social engineering (e.g. phishing, vishing, smishing) is prohibited. -<!-- - References - - [1] HackerOne. Policy builder. Retrieved from https://hackerone.com/policy-builder/ - - [2] NTIA Safety Working Group. 2016. "Early stage" coordinated vulnerability - disclosure template: Version 1.1. (15 December 2016). Retrieved from - https://www.ntia.doc.gov/files/ntia/publications/ntia_vuln_disclosure_early_stage_template.pdf ---> - ## Encryption Key for security@ramsey.dev For increased privacy when reporting sensitive issues, you may encrypt your -message using the following public key: +messages using the following key: ``` -----BEGIN PGP PUBLIC KEY BLOCK----- |
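Review bot: In the first hunk (`@@ -1,59 +1,29 @@`) the `+` lines are the older upstream wording being restored by this revert, not an edit to the policy itself, so the thing to verify is completeness of the revert rather than the prose: the Diffstat shown is limited to vendor/ramsey/collection/SECURITY.md, and a vendored package should only ever change as a whole together with the lock file that pins it. Any wording or table-alignment fixes for the restored text (for example the `| :-----: | :------: | :---------- |` header or the `<security@ramsey.dev>` autolink) belong upstream at https://github.com/ramsey/collection, not in vendor/.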
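Review bot: In the second hunk (`@@ -63,7 +33,7 @@`) the restored line `+ to any disclosure to the public or a third-party.` reintroduces a grammar error that the removed line had already fixed: used as a noun ("a third party") the phrase is not hyphenated; the hyphen is only correct in the adjective form ("third-party software"). Since this file is vendored, the fix is to pick up the newer upstream release rather than patch the text here.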
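Review bot: In the third hunk (`@@ -75,41 +45,15 @@`) the restored line `+messages using the following key:` drops the word "public" that `-message using the following public key:` carried, even though the block that immediately follows is `-----BEGIN PGP PUBLIC KEY BLOCK-----`; "public key" is the accurate description and avoids any reading of "key" as a shared secret. The same hunk also removes the commented References section (HackerOne policy builder and the NTIA template), which is consistent with the first hunk's header comment no longer citing `[1]` and `[2]`, so that part needs no action.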