mirror of https://github.com/postgres/postgres
Add SECURITY.md (#312)
parent
54af36c922
commit
a59d314972
@ -0,0 +1,24 @@ |
|||||||
|
# Security Policy |
||||||
|
|
||||||
|
## Supported Versions |
||||||
|
|
||||||
|
pg_tde project follows rolling release strategy. So all security updates go to new versions. |
||||||
|
|
||||||
|
## Reporting a Vulnerability |
||||||
|
|
||||||
|
Please report any vulnerabilities to our project in [Jira](https://perconadev.atlassian.net/jira/software/c/projects/PG/issues). |
||||||
|
|
||||||
|
If the vulnerability is accepted and confirmed by our experts, you should normally expect us to deliver |
||||||
|
a version with a fix according to the timelines provided below: |
||||||
|
|
||||||
|
For Percona created software (our engineers wrote the code): |
||||||
|
|
||||||
|
- Low/Medium: 120 days |
||||||
|
- High: 90 days |
||||||
|
- Critical: ASAP but should not exceed 30 days |
||||||
|
|
||||||
|
For Non-Percona created software (upstream provided/packaged) from the time the vendor releases a patch: |
||||||
|
|
||||||
|
- Low/Medium: 2nd release from current version |
||||||
|
- High: Next release |
||||||
|
- Critical: Hotfix or no later than next release (our regular release cadence is once every month) |
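Review bot: In the "Reporting a Vulnerability" section, the only reporting channel given is the Jira project issue list, and the text does not say whether a report filed there stays private until a fix is released. Suggest adding a sentence on how to file a report confidentially, or a private contact, so details are not disclosed before the timelines below are met. The timelines for Percona created software also do not state when the 120/90/30 day clock starts (report received, or vulnerability "accepted and confirmed"), and the Low/Medium/High/Critical levels are not tied to any scoring scheme; one line defining each would make the commitment checkable.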