security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
security [2021/07/12 15:28] – open_basedir bypasses are no security issues cmbsecurity [2024/01/30 17:35] (current) derick
Line 5: Line 5:
    * Version: 1.0.1    * Version: 1.0.1
    * RFC: [[rfc:security-classification|Security Issue Classification]]    * RFC: [[rfc:security-classification|Security Issue Classification]]
 +
 +<blockquote>**The canonical version of this document now lives at https://github.com/php/policies/blob/main/security-classification.rst**</blockquote>
  
 ====== Introduction ====== ====== Introduction ======
Line 86: Line 88:
  
 Low severity fixes are merged immediately after the fix is available and handled like all regular bugs are handled consequently. However, release managers may choose to pull those fixes into the RC branch after the branch is created, and also backport them into security-only release branch.  Low severity fixes are merged immediately after the fix is available and handled like all regular bugs are handled consequently. However, release managers may choose to pull those fixes into the RC branch after the branch is created, and also backport them into security-only release branch. 
 +
  
 ====== FAQ ====== ====== FAQ ======
  
 Q. How do I report a security issue?\\ Q. How do I report a security issue?\\
-A. Please report it on http://bugs.php.net, choosing type "Security". This will automatically make it private. If for some reason you can not do that, or need to talk to somebody about a PHP security issue that is not exactly a bug report, please write to security@php.net. +A. Please report it on http://bugs.php.net, choosing type "Security". This will automatically make it private. If for some reason you can not do that, or need to talk to somebody about a PHP security issue that is not exactly a bug report, please write to security@php.net. You can also submit a security report on Github: https://github.com/php/php-src/security/advisories/new
  
 Q. What do you consider a responsible disclosure?\\ Q. What do you consider a responsible disclosure?\\
security.1626103722.txt.gz · Last modified: 2021/07/12 15:28 by cmb