Patchstack Vulnerability Disclosure Program #3465

Merged
merged 1 commit into from
May 19, 2023
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -14,9 +14,9 @@ ElasticPress, a fast and flexible search and query engine for WordPress, enables

## Documentation

ElasticPress has an in depth documentation site. [Visit the docs ☞](https://10up.github.io/ElasticPress/)

ElasticPress FAQs and tutorials can be found on our support site. [Visit the support site ☞](https://elasticpress.zendesk.com/hc/en-us)
* [Docs website ☞](https://10up.github.io/ElasticPress/)
* [Support site with FAQs and tutorials ☞](https://elasticpress.zendesk.com/hc/en-us)
* [Security Policy ☞](https://github.com/10up/ElasticPress/blob/develop/SECURITY.md)

## Requirements and Compatibility

Expand Down
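Review bot: The new Security Policy bullet in the Documentation list hard-codes the `develop` branch in its URL (`https://github.com/10up/ElasticPress/blob/develop/SECURITY.md`), so a reader viewing the README from a release tag or another branch is sent to the development copy of the policy rather than the one that shipped with that ref. A relative link to `SECURITY.md` would resolve against whichever ref is being viewed on GitHub. If the absolute URL is intentional because the README is also rendered outside GitHub, a short comment saying so would help the next editor.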
14 changes: 3 additions & 11 deletions SECURITY.md
Expand Up @@ -6,20 +6,12 @@ The following versions of this project are currently being supported with securi

| Version | Supported |
| ------- | ------------------ |
| 3.6.0 | :white_check_mark: |
| 3.5.6 | :white_check_mark: |
| <3.5.5 | :x: |
| 4.5.0 | :white_check_mark: |
| <4.4.1 | :x: |

## Reporting a Vulnerability

To report a security issue please email details to opensourcesecurity@10up.com with a descriptive subject line. This account is monitored by a small team within 10up. In addition, please include the following information along with your report:

- Your name and affiliation (if any).
- A description of the technical details of the vulnerability. It is very important to let us know how we can reproduce your findings.
- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex.
- Whether this vulnerability is public or known to third parties. If it is, please provide details.

If you believe that an existing (public) issue is security-related, please send an email to opensourcesecurity@10up.com. The email should include the issue ID and a short description of why it should be handled according to this security policy.
You can report any security bugs found in the source code of ElasticPress through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/elasticpress). The Patchstack team will assist you with verification, CVE assignment and take care of notifying the developers of this plugin.

## Responding to Vulnerability Reports

Expand Down
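Review bot: The updated Supported Versions table leaves a gap: `4.5.0` is marked supported and `<4.4.1` is marked unsupported, so the status of 4.4.1 itself, and of anything between it and 4.5.0, is not stated. Making the rows contiguous would remove the ambiguity for someone deciding whether a finding is in scope. In the Reporting a Vulnerability section, the removed text told reporters what to include (reproduction details, an attack scenario, whether the issue is already public) and how to flag an existing public issue as security-related; the replacement paragraph covers neither, so consider adding one sentence on what to do when the problem is already in a public issue. It is also worth rereading the unchanged "Responding to Vulnerability Reports" section that follows, to confirm it still matches the new intake path.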
4 changes: 4 additions & 0 deletions readme.txt
Expand Up @@ -53,6 +53,10 @@ If you have identified a bug or would like to suggest an enhancement, please ref

If you are an ElasticPress.io customer, please open a ticket in your account dashboard. If you need a custom solution, we also offer [consulting](https://www.elasticpress.io/elasticpress-consulting/).

= Where do I report security bugs? =

You can report any security bugs found in the source code of ElasticPress through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/elasticpress). The Patchstack team will assist you with verification, CVE assignment and take care of notifying the developers of this plugin.

= Is ElasticPress compatible with OpenSearch or Elasticsearch X.Y? =

ElasticPress requirements can be found in the [Requirements section](https://github.com/10up/ElasticPress#requirements) of our GitHub repository. If your solution relies on a different server or version, you may find additional information on our [Compatibility documentation page](https://10up.github.io/ElasticPress/tutorial-compatibility.html).
Expand Down
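Review bot: The added "Where do I report security bugs?" answer repeats the SECURITY.md paragraph word for word, including the non-parallel list "will assist you with verification, CVE assignment and take care of notifying", which reads as if "take care of" were a third thing Patchstack assists with. Suggest "will assist you with verification and CVE assignment, and will take care of notifying the developers of this plugin", applied in both files. Since the same text now lives in two places, a pointer from this FAQ entry to SECURITY.md would keep the two from drifting apart.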