Warning: This page has not been updated in over a year and may be outdated or deprecated.
security

Differences

This shows you the differences between two versions of the page.

security [2014/06/13 13:14] – external edit 127.0.0.1
security [2024/02/20 19:47] (current) demiankatz
Line 1: Line 1:
 +====== Security ======
  
 +The VuFind® project takes security seriously, and the code is written with security in mind. However, every application can have unanticipated security holes, and even a carefully-designed system can be insecure if configured incorrectly. This page collects security-related resources in one place.
 +
 +===== Best Practices =====
 +
 +See the [[administration:security|Security for VuFind® Administrators]] page for step-by-step instructions on common security-related configuration needs as well as important best practice advice.
 +
 +===== Known Vulnerabilities =====
 +
 +// No vulnerabilities have been reported yet. //
 +
 +===== Reporting a Security Issue =====
 +
 +If you have discovered a security flaw in VuFind®, or if you have specific security-related concerns, please contact info@vufind.org to reach the [[community:roles_and_responsibilities#project_management_committee|Project Management Committee]]. The PMC will work with you to reach a satisfactory solution to your problem and make responsible disclosures to the community where necessary.
 +
 +===== Vulnerability Handling =====
 +
 +The vulnerability handling process is inspired by the [[https://www.apache.org/security/|Apache Software Foundation process]], and it works like this:
 +
 +  * A vulnerability is reported to the Project Management Committee.
 +  * The Project Management Committee (and relevant committers) work privately with the reporter to resolve the vulnerability.
 +  * A new release is issued containing the fix to the vulnerability; fixes may also be backported to legacy release branches at the discretion of the development team.
 +  * The vulnerability is announced to the project's public mailing lists and Slack community, and mitigation instructions are posted to this page.
 +
 +===== Other Resources =====
 +
 +  * The results of a 2023 security audit were discussed as part of the [[community:conferences:summit_2023|2023 VuFind® Summit]]. Recordings and associated documentation can be found on the [[community:conferences:summit_2023|page for the event]].
 ---- struct data ---- ---- struct data ----
 +properties.Page Owner : 
 ---- ----
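
Review bot: In "Known Vulnerabilities", the line "No vulnerabilities have been reported yet" sits on the same page as the "Other Resources" entry about the 2023 security audit, so a reader cannot tell whether the audit's findings are covered by that statement; say so explicitly in that section or link the audit results from it. The "Other Resources" bullet also links the same target (community:conferences:summit_2023) twice in one sentence, so one of the two links can go, and the struct data adds "properties.Page Owner" with no value, which should be filled in so the page has a named maintainer.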