-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
9 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,6 +10,15 @@ We are focusing our security updates on the following versions | |
| | 1.6.x | :warning: | | ||
| | < 1.6 | :x: | | ||
|
|
||
| ## :pushpin: Note on Security Severity | ||
|
|
||
| > NOTE: Please use the following guidlines when selecting a **Severity**. Submitted advisories that are marked **High** or **Critical** that don't meet the guidelines below will be cliosed. | ||
| * **CRITICAL** - no account required, can modify content, or run malicious code or nefarious activity without any access. | ||
| * **HIGH** - publisher level account able to run malicious code or nefarious activity, or other high level security things. | ||
| * **MODERATE** - admin level account able to run malicious code or do nefarious things. other moderate security things. | ||
| * **LOW** - super admin level account able to run malicious code or do nefarious things. other minor security things. | ||
|
|
||
| ## :warning: Versions | ||
|
|
||
| Versions with :warning: will be supported for security issues, however you won't be able to update to them, you will need to manually update through the [`direct-install` command](https://learn.getgrav.org/17/admin-panel/tools). | ||
|
|
@@ -22,15 +31,6 @@ Please contact [email protected] with a detailed explanation of the security | |
|
|
||
| > NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability. | ||
| ## :pushpin: Note on Security Severity | ||
|
|
||
| > NOTE: Please use the following guidlines when selecting a **Severity**. Submitted advisories that are marked **High** or **Critical** that don't meet the guidelines below will be cliosed._ | ||
| * **CRITICAL** - no account required, can modify content, or run malicious code or nefarious activity without any access. | ||
| * **HIGH** - publisher level account able to run malicious code or nefarious activity, or other high level security things. | ||
| * **MODERATE** - admin level account able to run malicious code or do nefarious things. other moderate security things. | ||
| * **LOW** - super admin level account able to run malicious code or do nefarious things. other minor security things. | ||
|
|
||
| ## :bug: Bug Bounties | ||
|
|
||
| We do greatly appreciate your efforts to improve Grav, but unfortunately because we are a small open source project, we **do not have the resources to offer bounties** for security issues found. | ||
|
|
||