mirror of
https://github.com/mediacms-io/mediacms.git
synced 2026-03-09 14:37:22 -04:00
Compare commits
2 Commits
ltimoodle1
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
b7427869b6 | ||
|
11449c2187 |
@@ -1,5 +1,11 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## [7.6.0](https://github.com/mediacms-io/mediacms/compare/v7.5.0...v7.6.0) (2026-02-07)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
* Create SECURITY.md ([#1485](https://github.com/mediacms-io/mediacms/issues/1485)) ([11449c2](https://github.com/mediacms-io/mediacms/commit/11449c2187d0f450b86915d88f92595a1825e4cf))
|
||||||
|
|
||||||
## [7.5.0](https://github.com/mediacms-io/mediacms/compare/v7.4.0...v7.5.0) (2026-02-06)
|
## [7.5.0](https://github.com/mediacms-io/mediacms/compare/v7.4.0...v7.5.0) (2026-02-06)
|
||||||
|
|
||||||
### Features
|
### Features
|
||||||
|
|||||||
54
SECURITY.md
Normal file
54
SECURITY.md
Normal file
@@ -0,0 +1,54 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
|
Thank you for helping improve the security of MediaCMS.
|
||||||
|
We take security vulnerabilities seriously and appreciate responsible disclosure.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
If you discover a security vulnerability in MediaCMS, **please do not open a public GitHub issue**.
|
||||||
|
|
||||||
|
Instead, report it using one of the following methods:
|
||||||
|
|
||||||
|
- **GitHub Security Advisories (preferred)**
|
||||||
|
Use the "Report a vulnerability" feature in this repository.
|
||||||
|
|
||||||
|
- **Contact Form**
|
||||||
|
Submit details via the official contact page:
|
||||||
|
https://mediacms.io/contact/
|
||||||
|
|
||||||
|
Please include as much of the following information as possible:
|
||||||
|
- Affected version(s)
|
||||||
|
- Detailed description of the issue
|
||||||
|
- Steps to reproduce (PoC if available)
|
||||||
|
- Impact assessment (e.g. RCE, XSS, privilege escalation)
|
||||||
|
- Any potential mitigations you are aware of
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
Security updates are provided for the **latest stable release** of MediaCMS.
|
||||||
|
Older versions may not receive security patches.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Disclosure Policy
|
||||||
|
|
||||||
|
- We aim to acknowledge reports within **7 days**
|
||||||
|
- We aim to provide a fix or mitigation within **90 days**, depending on severity
|
||||||
|
- Please allow us time to investigate before any public disclosure
|
||||||
|
|
||||||
|
We follow responsible disclosure practices and will coordinate disclosure timelines when appropriate.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Recognition
|
||||||
|
|
||||||
|
At this time, MediaCMS does not operate a formal bug bounty program.
|
||||||
|
However, we are happy to acknowledge valid security reports in release notes or advisories (with your permission).
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Thank you for helping keep MediaCMS secure.
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "mediacms",
|
"name": "mediacms",
|
||||||
"version": "7.5.0",
|
"version": "7.6.0",
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@semantic-release/changelog": "^6.0.3",
|
"@semantic-release/changelog": "^6.0.3",
|
||||||
"@semantic-release/git": "^10.0.1",
|
"@semantic-release/git": "^10.0.1",
|
||||||
|
|||||||
Reference in New Issue
Block a user