# ADOdb Security Policy

## Supported Versions
The following releases of the library are currently being supported with
security updates. Please refer to the [project's home page](https://adodb.org)
for actual version numbers.

- Stable
- Legacy
- Development (Git *master* branch)

Older releases are no longer supported.

## Reporting a Vulnerability
If you discover a vulnerability in ADOdb, please contact
the [project's maintainer](https://github.com/dregad)

- by e-mail (look for it in the Git history)
- via private chat on [Gitter](https://gitter.im/dregad)

Kindly provide the following information in your report:

- Affected ADOdb version(s) or Git revision
- A clear and detailed description of the issue, including if possible a code
  snippet to demonstrate or reproduce the vulnerability
- A patch for the issue if you have one, preferably in *Git diff* format

### CVE handling
To ensure a comprehensive and detailed declaration of the issue, we generally
prefer requesting CVE IDs ourselves, which usually happens after our analysis
confirms the vulnerability.

In case you have already obtained a CVE ID, do not forget to reference it in
your report.

### Credits
Let us know if and how you wish to be credited for the finding.

Your name, e-mail, company, etc. will be included as specified in the CVE
report, as well as in the Git commit message patching the issue.