Skip to content

doc(security): amend outdated security policy info#993

Open
eternal-flame-AD wants to merge 1 commit into
masterfrom
security-md-patch
Open

doc(security): amend outdated security policy info#993
eternal-flame-AD wants to merge 1 commit into
masterfrom
security-md-patch

Conversation

@eternal-flame-AD

Copy link
Copy Markdown
Member

Added more guidance to clear up some friction points regarding vulnerability report submissions.

The editorial goals are:

  • Provide more clarity as to what are supported versions, and provide actionable alternatives for findings that do not apply
  • Reflect that we are now talking reports via Github Security.
  • Nudge reporters to stick to the CVE vocabulary so it's easy to read and reduces paperwork.
  • State expectations and goals of our advisory program in a soft but informative manner.

@eternal-flame-AD eternal-flame-AD requested a review from a team as a code owner July 8, 2026 11:04
@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.34%. Comparing base (ed8af76) to head (37c9da4).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #993   +/-   ##
=======================================
  Coverage   74.34%   74.34%           
=======================================
  Files          66       66           
  Lines        3461     3461           
=======================================
  Hits         2573     2573           
  Misses        688      688           
  Partials      200      200           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Comment thread SECURITY.md
Please report (suspected) security vulnerabilities to
**[gotify@protonmail.com](mailto:gotify@protonmail.com)**. You will receive a
response from us within a few days. If the issue is confirmed, we will release a
[GitHub Advisory](https://github.com/gotify/server/security)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment thread SECURITY.md
Only the latest version.
Only the latest released version.

If you found a vulnerability that only applies to older versions but has been accidentally fixed recently, please also open a private advisory to let us evaluate if a backdated advisory is necessary.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If you found a vulnerability that only applies to older versions but has been accidentally fixed recently, please also open a private advisory to let us evaluate if a backdated advisory is necessary.
If you found a vulnerability that only applies to older versions but has been accidentally fixed recently, please open a private advisory to let us evaluate if a backdated advisory is necessary.

Comment thread SECURITY.md
response from us within a few days. If the issue is confirmed, we will release a
[GitHub Advisory](https://github.com/gotify/server/security)
or **[gotify@protonmail.com](mailto:gotify@protonmail.com)**.
You will receive a response from us within a few days.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(optional) There are three lines with trailing whitespaces in this file. Please remove them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants