chore: update repository templates to 1af2225678

aeneasr 2024-12-04 15:38:54 +00:00
parent 34c92d26ce
commit 9bc3112ca2
5 changed files with 48 additions and 45 deletions

@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Find closed references name: Find closed references
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v2
- uses: actions/setup-node@v2-beta - uses: actions/setup-node@v2-beta
with: with:
node-version: "14" node-version: "14"
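Review bot: The `uses:` line moves from `actions/checkout@v4` (left column) to `actions/checkout@v2` (right column), a downgrade of two major versions in a commit titled "update". If the shared template still carries `@v2`, bump the template to `@v4` rather than syncing the older tag into this workflow. The unchanged context also keeps `actions/setup-node@v2-beta` with `node-version: "14"`; a pre-release tag is worth replacing with a released one in the same pass.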

@ -24,7 +24,7 @@ jobs:
name: Validate PR title name: Validate PR title
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
- id: config - id: config
uses: ory/ci/conventional_commit_config@master uses: ory/ci/conventional_commit_config@master
with: with:
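Review bot: `actions/checkout` goes from `@v4` to `@v3` in this workflow while the other workflows in the same commit go to `@v2`, so the templates both downgrade the action and disagree with each other; keep `@v4` everywhere. Separately, the context line `uses: ory/ci/conventional_commit_config@master` follows a branch, so whatever lands on that branch runs in this job. Pinning it to a tag or commit SHA would make the PR title check reproducible.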

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v2
- name: Synchronize Issue Labels - name: Synchronize Issue Labels
uses: ory/label-sync-action@v0 uses: ory/label-sync-action@v0
with: with:
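Review bot: The Checkout step drops from `actions/checkout@v4` to `actions/checkout@v2`, the same regression as in the closed-references workflow. Keep `@v4` here and fix the version in the template source, otherwise the next template sync will revert it again.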

@ -12,7 +12,7 @@ jobs:
if: github.repository_owner == 'ory' if: github.repository_owner == 'ory'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/stale@v9 - uses: actions/stale@v4
with: with:
repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: | stale-issue-message: |
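Review bot: `actions/stale@v9` becomes `actions/stale@v4`, five major versions back, in a step that is handed `repo-token: ${{ secrets.GITHUB_TOKEN }}`. Keep `@v9` unless there is a known incompatibility, and if there is one, name it in the commit message so the downgrade is not mistaken for an accidental revert.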

@ -3,51 +3,54 @@
# Ory Security Policy # Ory Security Policy
## Overview This policy outlines Ory's security commitments and practices for users across
different licensing and deployment models.
This security policy outlines the security support commitments for different To learn more about Ory's security service level agreements (SLAs) and
types of Ory users. processes, please [contact us](https://www.ory.sh/contact/).
[Get in touch](https://www.ory.sh/contact/) to learn more about Ory's security
SLAs and process.
## Apache 2.0 License Users
- **Security SLA:** No security Service Level Agreement (SLA) is provided.
- **Release Schedule:** Releases are planned every 3 to 6 months. These releases
will contain all security fixes implemented up to that point.
- **Version Support:** Security patches are only provided for the current
release version.
## Ory Enterprise License Customers
- **Security SLA:** The following timelines apply for security vulnerabilities
based on their severity:
- Critical: Resolved within 14 days.
- High: Resolved within 30 days.
- Medium: Resolved within 90 days.
- Low: Resolved within 180 days.
- Informational: Addressed as needed.
- **Release Schedule:** Updates are provided as soon as vulnerabilities are
resolved, adhering to the above SLA.
- **Version Support:** Depending on the Ory Enterprise License agreement
multiple versions can be supported.
## Ory Network Users ## Ory Network Users
- **Security SLA:** The following timelines apply for security vulnerabilities - **Security SLA:** Ory addresses vulnerabilities in the Ory Network according
based on their severity: to the following guidelines:
- Critical: Resolved within 14 days. - Critical: Typically addressed within 14 days.
- High: Resolved within 30 days. - High: Typically addressed within 30 days.
- Medium: Resolved within 90 days. - Medium: Typically addressed within 90 days.
- Low: Resolved within 180 days. - Low: Typically addressed within 180 days.
- Informational: Addressed as needed. - Informational: Addressed as necessary.
- **Release Schedule:** Updates are automatically deployed to Ory Network as These timelines are targets and may vary based on specific circumstances.
soon as vulnerabilities are resolved, adhering to the above SLA. - **Release Schedule:** Updates are deployed to the Ory Network as
- **Version Support:** Ory Network always runs the most current version. vulnerabilities are resolved.
- **Version Support:** The Ory Network always runs the latest version, ensuring
up-to-date security fixes.
## Ory Enterprise License Customers
- **Security SLA:** Ory addresses vulnerabilities based on their severity:
- Critical: Typically addressed within 14 days.
- High: Typically addressed within 30 days.
- Medium: Typically addressed within 90 days.
- Low: Typically addressed within 180 days.
- Informational: Addressed as necessary.
These timelines are targets and may vary based on specific circumstances.
- **Release Schedule:** Updates are made available as vulnerabilities are
resolved. Ory works closely with enterprise customers to ensure timely updates
that align with their operational needs.
- **Version Support:** Ory may provide security support for multiple versions,
depending on the terms of the enterprise agreement.
## Apache 2.0 License Users
- **Security SLA:** Ory does not provide a formal SLA for security issues under
the Apache 2.0 License.
- **Release Schedule:** Releases prioritize new functionality and include fixes
for known security vulnerabilities at the time of release. While major
releases typically occur one to two times per year, Ory does not guarantee a
fixed release schedule.
- **Version Support:** Security patches are only provided for the latest release
version.
## Reporting a Vulnerability ## Reporting a Vulnerability
Please head over to our For details on how to report security vulnerabilities, visit our
[security policy](https://www.ory.sh/docs/ecosystem/security) to learn more [security policy documentation](https://www.ory.sh/docs/ecosystem/security).
about reporting security vulnerabilities.
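Review bot: The bullets are still labelled "Security SLA", but the timelines change from "Resolved within 14 days" to "Typically addressed within 14 days" and gain the sentence "These timelines are targets and may vary based on specific circumstances", so the label now promises more than the text does. Either rename the bullet (for example "Security response targets") or state which tiers carry a contractual SLA. The Apache 2.0 release cadence also changes from "every 3 to 6 months" to "one to two times per year" with no fixed schedule; a change to support commitments like this deserves its own commit message rather than "chore: update repository templates".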