Warning: This page has not been updated in over over a year and may be outdated or deprecated.
security
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
security [2015/12/14 19:29] – ↷ Page moved from security to administration:security demiankatz | security [2024/02/20 19:47] (current) – demiankatz | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Security ====== | ||
+ | |||
+ | The VuFind® project takes security seriously, and the code is written with security in mind. However, every application can have unanticipated security holes, and even a carefully-designed system can be insecure if configured incorrectly. This page collects security-related resources in one place. | ||
+ | |||
+ | ===== Best Practices ===== | ||
+ | |||
+ | See the [[administration: | ||
+ | |||
+ | ===== Known Vulnerabilities ===== | ||
+ | |||
+ | // No vulnerabilities have been reported yet. // | ||
+ | |||
+ | ===== Reporting a Security Issue ===== | ||
+ | |||
+ | If you have discovered a security flaw in VuFind®, or if you have specific security-related concerns, please contact info@vufind.org to reach the [[community: | ||
+ | |||
+ | ===== Vulnerability Handling ===== | ||
+ | |||
+ | The vulnerability handling process is inspired by the [[https:// | ||
+ | |||
+ | * A vulnerability is reported to the Project Management Committee. | ||
+ | * The Project Management Committee (and relevant committers) work privately with the reporter to resolve the vulnerability. | ||
+ | * A new release is issued containing the fix to the vulnerability; | ||
+ | * The vulnerability is announced to the project' | ||
+ | |||
+ | ===== Other Resources ===== | ||
+ | |||
+ | * The results of a 2023 security audit were discussed as part of the [[community: | ||
+ | ---- struct data ---- | ||
+ | properties.Page Owner : | ||
+ | ---- | ||