This is an archived project. Repository and other project resources are read-only.
Commit e6c0f7e7 authored 8 years ago by Jaime Perez Crespo
Update the contribution guidelines to include information on how to report security incidents.
parent 3d9fd3dd
CONTRIBUTE.md: 34 additions, 1 deletion
...
@@ -93,7 +93,40 @@ You can help us diagnose and fix bugs by asking and providing answers to the fol
...
@@ -93,7 +93,40 @@ You can help us diagnose and fix bugs by asking and providing answers to the fol
*
Are the steps to reproduce the bug clear? If not, can you describe how you might reproduce it?
*
Are the steps to reproduce the bug clear? If not, can you describe how you might reproduce it?
*
What tags should the bug have?
*
What tags should the bug have?
*
How critical is this bug? Does it impact a large amount of users?
*
How critical is this bug? Does it impact a large amount of users?
*
Is this a security issue? If so, how severe is it? How can an attacker exploit it?
*
Is this a security issue? If so, how severe is it? How can an attacker exploit it? Read more about security issues in
the next section.
## Reporting vulnerabilities
In case you find a vulnerability in SimpleSAMLphp, or you want to confirm a possible security issue in the software, please
get in touch with us through
[
UNINETT's CERT team
](
https://www.uninett.no/cert
)
. Please use our PGP public key to encrypt
any possible sensitive data that you may need to submit. We will get back to you as soon as possible according to our
working hours in Central European Time.
When reporting a security issue, please add as much information as possible to help us identify, confirm, replicate and
fix the problem. In particular, remember to include the following information in your report:
*
The version or versions of SimpleSAMLphp affected.
*
An exact version that can be used to replicate the issue.
*
Any module or modules involved in the issue.
*
Any particular configuration details relevant to the setup affected.
*
A detailed description and a clear and concise, step-by-step guide to allow us reproduce the issue.
*
Screenshots, videos, or any other media that would help identify the issue.
*
Pointers to the exact line or lines in the code where the vulnerability is supposed to be.
*
Context on how you discovered the issue.
*
Your own name and whether you want to be credited for the discovery or not.
Please
**DO NOT**
report security incidents related to systems that use SimpleSAMLphp, where this software is not the
cause of the incident. Issues related to the use (or misuse) of infrastructure, misconfiguration of the software,
malfunction of a particular system or user-related errors should not be reported either. If you are using SimpleSAMLphp
to authenticate or login to services, but you don't know what SimpleSAMLphp is or you are not sure about the nature of
the issue, please contact the organization running the service for you.
Finally, be reasonable. We'll do our best to resolve the issue according to our principles of security and transparency.
Every confirmed vulnerability will be published and resolved in a timely manner. All we ask in return is that you
contact us privately first in order to avoid any potential damage to those using the software.
You can find the list of security advisories we have published
[
here
](
https://simplesamlphp.org/security
)
.
## Translations
## Translations
...
...
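Review bot: In the first paragraph under "## Reporting vulnerabilities", reporters are told to "use our PGP public key to encrypt any possible sensitive data", but the added text gives neither a link to that key nor its fingerprint; the only link in that paragraph is the UNINETT CERT page. State where the key is published and include its full fingerprint in this section, so a reporter can verify the key before encrypting a vulnerability report with it. The same paragraph promises a reply "as soon as possible according to our working hours" with no bound; an expected acknowledgement window would make the later request to "contact us privately first" easier to honor. Minor: in the checklist, "allow us reproduce the issue" should read "allow us to reproduce the issue".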