Skip to content

Security: elevantiq/CoreShop

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you think that you have found a security issue, don’t use the bug tracker and don’t publish it publicly. Instead, all security issues must be reported via a private vulnerability report.

Resolving Process

Every submitted security issue is handled with top priority by following these steps:

  1. Confirm the vulnerability
  2. Determine the severity
  3. Contact reporter
  4. Work on a patch
  5. Get a CVE identification number (may be done by the reporter or a security service provider)
  6. Patch reviewing
  7. Tagging a new release for supported versions
  8. Publish security announcement

There aren’t any published security advisories