github.com/cloudberrydb/gpbackup@v1.0.3-0.20240118031043-5410fd45eed6/SECURITY.md

Thanks for helping make Cloudberry Database safe!

---

## Reporting Security Issues

To report a security issue, please email
[security@cloudberrydb.org](mailto:security@cloudberrydb.org). This
project follows a 90-day disclosure timeline. We will publish the
[security
advisories](https://github.com/cloudberrydb/cloudberrydb/security/advisories)
via GitHub.

You should receive a response within 2 weeks. If for some reason you
do not, please follow up via email to ensure we received your original
message.

Please include the information listed below (as much of it as you
can provide) to help us understand the nature and scope of the
possible issue:

* Type of issue (e.g. buffer overflow, SQL injection, cross-site
  scripting, etc.)
* Full paths of source file(s) related to the manifestation of the
  issue
* The location of the affected source code (tag/branch/commit or
  direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the
  issue

This information will help us triage your report more quickly.

## Do not

For better collaboration, we ask that you:

- Do not file public issues on GitHub for security vulnerabilities.
- Do not report non-security-impacting bugs through this channel. If
  you have questions about usage or development, please use [GitHub
  Issues, Discussions or
  Slack](https://github.com/cloudberrydb/cloudberrydb/issues/new/choose)
  instead.

## Handling Process

Here's an overview of the security issue handling process:

* The reporter reports the security issue to the Cloudberry Database
  team.
* The Cloudberry Database team investigates the report and decides
  whether to accept or reject it. If our team rejects the report, the
  team will explain why to the reporter. If we accept the report, our
  team will work privately with the reporter to fix the security
  issue.
* The team releases a new version of Cloudberry Database that includes
  the fix.
* The team publishes the security advisory.

## Preferred Languages

We prefer all communications to be in English.