<!--
SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>

SPDX-License-Identifier: Apache-2.0
-->

# Security Policy

## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported          |
|---------|--------------------|
| 1.4.X   | :white_check_mark: |
| 1.3.X   | :white_check_mark: |
| < 1.3.X | :x:                |

## Reporting a Vulnerability
If you find a security-relevant vulnerability inside PGPainless, please let me know!
[Here](https://keyoxide.org/7F9116FEA90A5983936C7CFAA027DB2F3E1E118A) you can find my OpenPGP key to email me confidentially.

Valid security issues will be fixed ASAP.

## Audits

### Cure53 - FLO-04
PGPainless received a security audit by [cure53.de](https://cure53.de) in late 2021.
The [penetration test and audit](https://cure53.de/pentest-report_pgpainless.pdf) covered PGPainless
release candidate 1.0.0-rc6.
Security fixes for discovered flaws were deployed before the final 1.0.0 release.