Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 506f58b, commit 753a3ab
Showing 1,496 changed files with 149,505 additions and 43,801 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
**/node_modules | ||
**/target | ||
**/output | ||
**/.psc-package | ||
**/storybook-static | ||
# below is legacy JS code that will only be modified under exceptional circumstances. | ||
**/Source/Plugins/Core/com.equella.core/resources/web/scripts | ||
**/Source/Plugins/Core/com.equella.core/resources/web/js |
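Review bot: The two legacy-script entries at the end of this hunk start with `**/` even though `Source/Plugins/Core/com.equella.core/resources/web/scripts` and `Source/Plugins/Core/com.equella.core/resources/web/js` read as paths from the repository root. If this file uses gitignore-style patterns, the `**/` prefix lets them match at any depth, so a root-anchored form (a leading `/`) would keep the exclusion limited to the intended directories. The comment above them could also say what counts as "exceptional circumstances", or link to where that is decided, so contributors know when these directories may be touched.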
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# openEQUELLA Coordinated Vulnerability Process (CVP) | ||
|
||
If you discover any security concerns with openEQUELLA or associated technology please let the security group know by sending an email to <security@apereo.org>, or through your commercial service partner. Please do not raise security issues on the public tracker. | ||
|
||
Team members of the openEQUELLA Security Group will field the issues and open a Draft Advisory on GitHub as needed - <https://github.com/openequella/openEQUELLA/security/advisories> | ||
|
||
The openEQUELLA Security Group will then review the issue and help determine next steps. The openEQUELLA Security Group team member that originally fielded the issue will then respond to the originator with the recommended path forward. | ||
|
||
When deemed appropriate by the above review: | ||
|
||
- An embargo date is chosen (when will the issue become public) | ||
- A CVE issue is opened | ||
- A fix is created (ideally on a private fork) | ||
- On the embargo date: | ||
- The fix is released | ||
- The Advisory is published | ||
- Notices are sent out on the [equella-users](https://groups.google.com/a/apereo.org/g/equella-users) and [equella-dev](https://groups.google.com/a/apereo.org/g/equella-dev) mail lists. | ||
|
||
The openEQUELLA Security Group is not responsible for fixing a given security issue. They are responsible to do the initial review, recommend a path forward, and guide the advisory to completion. | ||
|
||
The openEQUELLA Security Group generally focuses on the latest release for security issues, as of August 12th, 2020, the focus would be on security issues in openEQUELLA 2020.1.3. |
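Review bot: The closing paragraph pins the policy to a point in time ("as of August 12th, 2020" and "openEQUELLA 2020.1.3"), which will be out of date at the next release; state the rule itself (the group generally focuses on the latest release) and point readers to the release list rather than naming a version. Two smaller points in the same file: the reporting paragraph gives no expected acknowledgement time, and "A CVE issue is opened" does not say who requests the CVE or through which channel. One sentence for each would make the process easier for a reporter to follow.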