external
/
pg_stat_monitor
mirror of https://github.com/percona/pg_stat_monitor.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create SECURITY.md (#452) 

* Create SECURITY.md

* Update supported versions section
pull/459/head
Artem Gavrilov 2024-04-19 14:48:48 +02:00 committed by GitHub
parent dce1913154
commit c2923b4d61
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
SECURITY.md Normal file
View File

@ -0,0 +1,24 @@
# Security Policy
## Supported Versions
pg_stat_monitor project follows rolling release strategy. So all security updates go to new versions.
## Reporting a Vulnerability
Please report any vulnerabilities to our project in [Jira](https://perconadev.atlassian.net/jira/software/c/projects/PG/issues).
If the vulnerability is accepted and confirmed by our experts, you should normally expect us to deliver
a version with a fix according to the timelines provided below:
For Percona created software (our engineers wrote the code):
- Low/Medium: 120 days
- High: 90 days
- Critical: ASAP but should not exceed 30 days
For Non-Percona created software (upstream provided/packaged) from the time the vendor releases a patch:
- Low/Medium: 2nd release from current version
- High: Next release
- Critical: Hotfix or no later than next release (our regular release cadence is once every month)