CadolesKube/hydra-maester
7
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: update repository templates to 939b80fbfd

Browse Source
This commit is contained in:
aeneasr 2024-08-27 09:36:17 +00:00
parent aed5bd9a62
commit 05d49743b0
1 changed files with 45 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
SECURITY.md
View File

@ -10,21 +10,54 @@
<!-- END doctoc generated TOC please keep comment here to allow auto update --> <!-- END doctoc generated TOC please keep comment here to allow auto update -->
# Security Policy # Ory Security Policy
## Supported Versions ## Overview
We release patches for security vulnerabilities. Which versions are eligible for This security policy outlines the security support commitments for different
receiving such patches depends on the CVSS v3.0 Rating: types of Ory users.
| CVSS v3.0 | Supported Versions | ## Apache 2.0 License Users
| --------- | ----------------------------------------- |
| 9.0-10.0 | Releases within the previous three months | - **Security SLA:** No security Service Level Agreement (SLA) is provided.
| 4.0-8.9 | Most recent release | - **Release Schedule:** Releases are planned every 3 to 6 months. These releases
will contain all security fixes implemented up to that point.
- **Version Support:** Security patches are only provided for the current
release version.
## Ory Enterprise License Customers
- **Security SLA:** The following timelines apply for security vulnerabilities
based on their severity:
- Critical: Resolved within 14 days.
- High: Resolved within 30 days.
- Medium: Resolved within 90 days.
- Low: Resolved within 180 days.
- Informational: Addressed as needed.
- **Release Schedule:** Updates are provided as soon as vulnerabilities are
resolved, adhering to the above SLA.
- **Version Support:** Depending on the Ory Enterprise License agreement
multiple versions can be supported.
## Ory Network Users
- **Security SLA:** The following timelines apply for security vulnerabilities
based on their severity:
- Critical: Resolved within 14 days.
- High: Resolved within 30 days.
- Medium: Resolved within 90 days.
- Low: Resolved within 180 days.
- Informational: Addressed as needed.
- **Release Schedule:** Updates are automatically deployed to Ory Network as
soon as vulnerabilities are resolved, adhering to the above SLA.
- **Version Support:** Ory Network always runs the most current version.
[Get in touch](https://www.ory.sh/contact/) to learn more about Ory's security
SLAs and process.
## Reporting a Vulnerability ## Reporting a Vulnerability
Please report (suspected) security vulnerabilities to If you suspect a security vulnerability, please report it to
**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from **[security@ory.sh](mailto:security@ory.sh)**. We will respond within 48 hours.
us within 48 hours. If the issue is confirmed, we will release a patch as soon If confirmed, we will work to release a patch as soon as possible, typically
as possible depending on complexity but historically within a few days. within a few days depending on the issue's complexity.