Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / ImageMagick / refs/heads/int/13/fp4 / . / SECURITY.md
blob: 14c3b5389029973a8741654c7f0f22667262518b [file] [log] [blame] [view]
Cristydc134b42020-06-07 09:53:54 -0400[diff] [blame]1# Security Policy
Cristy0e2fe462020-06-07 09:53:07 -0400[diff] [blame]2
Cristyeeaef152020-11-21 13:58:43 -0500[diff] [blame]3ImageMagick recommended practices **strongly** encourages you to configure a [security policy](https://imagemagick.org/script/security-policy.php) that suits your local environment.
Cristy0e2fe462020-06-07 09:53:07 -0400[diff] [blame]4
Cristydc134b42020-06-07 09:53:54 -0400[diff] [blame]5## Supported Versions
Cristy0e2fe462020-06-07 09:53:07 -0400[diff] [blame]6
Cristydc134b42020-06-07 09:53:54 -0400[diff] [blame]7We encourage users to upgrade to the lastest ImageMagick release to ensure that all known security vulnerabilities are addressed. On request, we can backport a vulnerability to other ImageMagick versions.
Cristy0e2fe462020-06-07 09:53:07 -0400[diff] [blame]8
Cristydc134b42020-06-07 09:53:54 -0400[diff] [blame]9## Reporting a Vulnerability
Cristy0e2fe462020-06-07 09:53:07 -0400[diff] [blame]10
Cristy196f03c2020-06-09 07:27:40 -0400[diff] [blame]11Post any vulnerability as an [issue](https://github.com/ImageMagick/ImageMagick/issues). Or you can post privately to the ImageMagick development [team](https://imagemagick.org/script/contact.php). Most vulnerabilities are fixed within 48 hours.
12
13In addition, request a [CVE](https://cve.mitre.org/cve/request_id.html). We rely on you to post CVE's so our development team can concentrate on delivering a robust security patch.