43 lines
1.7 KiB
Markdown
43 lines
1.7 KiB
Markdown
|
# Security Policies and Procedures
|
||
|
|
||
|
This document outlines security procedures and general policies for the _mailcow: dockerized_ project as found on [mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized).
|
||
|
|
||
|
* [Reporting a Vulnerability](#reporting-a-vulnerability)
|
||
|
* [Disclosure Policy](#disclosure-policy)
|
||
|
* [Comments on this Policy](#comments-on-this-policy)
|
||
|
|
||
|
## Reporting a Vulnerability
|
||
|
|
||
|
The mailcow team and community take all security vulnerabilities
|
||
|
seriously. Thank you for improving the security of our open source
|
||
|
software. We appreciate your efforts and responsible disclosure and will
|
||
|
make every effort to acknowledge your contributions.
|
||
|
|
||
|
Report security vulnerabilities by emailing the mailcow team at:
|
||
|
|
||
|
info at servercow.de
|
||
|
|
||
|
mailcow team will acknowledge your email as soon as possible, and will
|
||
|
send a more detailed response afterwards indicating the next steps in
|
||
|
handling your report. After the initial reply to your report, the mailcow
|
||
|
team will endeavor to keep you informed of the progress towards a fix and
|
||
|
full announcement, and may ask for additional information or guidance.
|
||
|
|
||
|
Report security vulnerabilities in third-party modules to the person or
|
||
|
team maintaining the module.
|
||
|
|
||
|
## Disclosure Policy
|
||
|
|
||
|
When the mailcow team receives a security bug report, they will assign it
|
||
|
to a primary handler. This person will coordinate the fix and release
|
||
|
process, involving the following steps:
|
||
|
|
||
|
* Confirm the problem and determine the affected versions.
|
||
|
* Audit code to find any potential similar problems.
|
||
|
* Prepare fixes for all releases still under maintenance.
|
||
|
|
||
|
## Comments on this Policy
|
||
|
|
||
|
If you have suggestions on how this process could be improved please submit a
|
||
|
pull request.
|