zulip/SECURITY.md

# Security policy

Security announcements are sent to zulip-announce@googlegroups.com,
so you should subscribe if you are running Zulip in production.

## Reporting a vulnerability

We love responsible reports of (potential) security issues in Zulip,
whether in the latest release or our development branch.

Our security contact is security@zulip.com. Reporters should expect a
response within 24 hours.

Please include details on the issue and how you'd like to be credited
in our release notes when we publish the fix.

Our [security model][security-model] document may be a helpful
resource.

## Supported versions

Zulip provides security support for the latest major release, in the
form of minor security/maintenance releases.

We work hard to make [upgrades][upgrades] reliable, so that there's no
reason to run older major releases.

See also our documentation on the [Zulip release
lifecycle][release-lifecycle].

[security-model]: https://zulip.readthedocs.io/en/latest/production/security-model.html
[upgrades]: https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release
[release-lifecycle]: https://zulip.readthedocs.io/en/latest/overview/release-lifecycle.html
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-23 02:43:28 +02:00			`# Security policy`
docs: Create GitHub SECURITY.md file. It seems worth participating in this GitHub standard. 2020-06-26 00:22:36 +02:00
			`Security announcements are sent to zulip-announce@googlegroups.com,`
			`so you should subscribe if you are running Zulip in production.`

docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-23 02:43:28 +02:00			`## Reporting a vulnerability`
docs: Create GitHub SECURITY.md file. It seems worth participating in this GitHub standard. 2020-06-26 00:22:36 +02:00
			`We love responsible reports of (potential) security issues in Zulip,`
			`whether in the latest release or our development branch.`

docs: Apply sentence single-spacing from Prettier. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-08-20 21:53:28 +02:00			`Our security contact is security@zulip.com. Reporters should expect a`
docs: Create GitHub SECURITY.md file. It seems worth participating in this GitHub standard. 2020-06-26 00:22:36 +02:00			`response within 24 hours.`

			`Please include details on the issue and how you'd like to be credited`
			`in our release notes when we publish the fix.`

docs: Replace legacy roadmap.md with release lifecycle page. This new pages accomplishes several interrelated things: * Documents that Zulip Cloud runs master and how that works. * Documents policies on how long client apps are expected to support old releases in our compatibility matrix. * Removes the 3-years-stale roadmap article. * Provides a central place to talk about different versions in Zulip. * Provides a better place to link to from our "you need to upgrade" nag. This content is not intended to be final, but should be finalized in the next week or so. Fixes #18322. 2021-05-05 01:39:27 +02:00			`Our [security model][security-model] document may be a helpful`
			`resource.`
docs: Create GitHub SECURITY.md file. It seems worth participating in this GitHub standard. 2020-06-26 00:22:36 +02:00
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-23 02:43:28 +02:00			`## Supported versions`
docs: Create GitHub SECURITY.md file. It seems worth participating in this GitHub standard. 2020-06-26 00:22:36 +02:00
			`Zulip provides security support for the latest major release, in the`
			`form of minor security/maintenance releases.`

docs: Replace legacy roadmap.md with release lifecycle page. This new pages accomplishes several interrelated things: * Documents that Zulip Cloud runs master and how that works. * Documents policies on how long client apps are expected to support old releases in our compatibility matrix. * Removes the 3-years-stale roadmap article. * Provides a central place to talk about different versions in Zulip. * Provides a better place to link to from our "you need to upgrade" nag. This content is not intended to be final, but should be finalized in the next week or so. Fixes #18322. 2021-05-05 01:39:27 +02:00			`We work hard to make [upgrades][upgrades] reliable, so that there's no`
			`reason to run older major releases.`

SECURITY.md: Fix a broken markdown link. 2022-01-07 23:05:32 +01:00			`See also our documentation on the [Zulip release`
			`lifecycle][release-lifecycle].`
docs: Replace legacy roadmap.md with release lifecycle page. This new pages accomplishes several interrelated things: * Documents that Zulip Cloud runs master and how that works. * Documents policies on how long client apps are expected to support old releases in our compatibility matrix. * Removes the 3-years-stale roadmap article. * Provides a central place to talk about different versions in Zulip. * Provides a better place to link to from our "you need to upgrade" nag. This content is not intended to be final, but should be finalized in the next week or so. Fixes #18322. 2021-05-05 01:39:27 +02:00
			`[security-model]: https://zulip.readthedocs.io/en/latest/production/security-model.html`
			`[upgrades]: https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release`
SECURITY.md: Fix a broken markdown link. 2022-01-07 23:05:32 +01:00			`[release-lifecycle]: https://zulip.readthedocs.io/en/latest/overview/release-lifecycle.html`