github.com/tuhaihe/gpbackup@v1.0.3/SECURITY.md (about) 1 Thanks for helping make Cloudberry Database safe! 2 3 --- 4 5 ## Reporting Security Issues 6 7 To report a security issue, please email 8 [security@cloudberrydb.org](mailto:security@cloudberrydb.org). This 9 project follows a 90-day disclosure timeline. We will publish the 10 [security 11 advisories](https://github.com/tuhaihe/cloudberrydb/security/advisories) 12 via GitHub. 13 14 You should receive a response within 2 weeks. If for some reason you 15 do not, please follow up via email to ensure we received your original 16 message. 17 18 Please include the requested information listed below (as much as you 19 can provide) to help us better understand the nature and scope of the 20 possible issue: 21 22 * Type of issue (e.g. buffer overflow, SQL injection, cross-site 23 scripting, etc.) 24 * Full paths of source file(s) related to the manifestation of the 25 issue 26 * The location of the affected source code (tag/branch/commit or 27 direct URL) 28 * Any special configuration required to reproduce the issue 29 * Step-by-step instructions to reproduce the issue 30 * Proof-of-concept or exploit code (if possible) 31 * Impact of the issue, including how an attacker might exploit the 32 issue 33 34 This information will help us triage your report more quickly. 35 36 ## Do not 37 38 For better collaboration, we hope you: 39 40 - Do not file public issues on GitHub for security vulnerabilities. 41 - Do not report non-security-impacting bugs through this channel. If 42 you have any questions on using, development, please use [GitHub 43 Issues, Discussions or 44 Slack](https://github.com/tuhaihe/cloudberrydb/issues/new/choose) 45 instead. 46 47 ## Handling Process 48 49 Here's an overview of the security issues handling process: 50 51 * The reporter reports the security issues to the Cloudberry Database 52 team. 53 * The Cloudberry Database team investigates the report and decides to 54 accept or reject the report. If our team rejects the report, the 55 team will explain why to the reporter. If we accept the report, our 56 team will work privately with the reporter to fix the security 57 issues. 58 * Release the new version of the Cloudberry Database that includes the 59 fix. 60 * Public the security issues. 61 62 ## Preferred Languages 63 64 We prefer all communications to be in English.