Improve: SECURITY.md for clarity and detail + Adding PVE9 as supported (#7690)

CanbiZ 2025-09-17 17:26:17 +02:00 committed by GitHub
parent ea58fdb7e0
commit 7961023f8c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -1,24 +1,64 @@
# Security Policy
## Supported Versions
This project currently supports the following versions of Proxmox VE:
This project currently supports the following versions of Proxmox VE (PVE):
| Version | Supported |
| ------- | ------------------ |
| 9.0.x | :white_check_mark: |
| 8.4.x | :white_check_mark: |
| 8.3.x | :white_check_mark: |
| 8.2.x | :white_check_mark: |
| 8.1.x | :white_check_mark: |
| 8.0.x | Limited support* ❕|
| 8.0.x | Limited support* ❕ |
| < 8.0 | :x: |
*Version 8.0.x has limited support. Security updates may not be provided for all issues in this version.
*Version 8.0.x has limited support. Security updates may not be provided for all issues affecting this version.
---
## Reporting a Vulnerability
Security vulnerabilities shouldnt be reported publicly to prevent potential exploitation. Instead, please report any vulnerabilities privately by reaching out directly to us. You can either join our [Discord server](https://discord.gg/jsYVk5JBxq) and send a direct message to a maintainer or contact us via email at contact@community-scripts.org. Be sure to include a detailed description of the vulnerability and the steps to reproduce it. Thank you for helping us keep our project secure!
Security vulnerabilities must not be reported publicly to avoid potential exploitation.
Instead, please report them privately via one of the following channels:
Once a vulnerability has been reported, the project maintainers will review it and acknowledge the report within 7 business days. We will then work to address the vulnerability and provide a fix as soon as possible. Depending on the severity of the issue, a patch may be released immediately or included in the next scheduled update.
- **Discord**: Join our [Discord server](https://discord.gg/jsYVk5JBxq) and send a direct message to a maintainer.
- **Email**: Write to us at **contact@community-scripts.org** with the subject line:
`Vulnerability Report - <Project/Script Name>`.
Please note that not all reported vulnerabilities may be accepted. The project maintainers reserve the right to decline a vulnerability report if it is deemed to be a low-risk issue or if it conflicts with the project's design or architecture. In such cases, we will provide an explanation for the decision.
When reporting a vulnerability, please provide:
If you have any questions or concerns about this security policy, please don't hesitate to contact the project maintainers.
- A clear description of the issue
- Steps to reproduce the vulnerability
- Affected versions or environments
- (Optional) Suggested fixes or workarounds
---
## Response Process
1. **Acknowledgment**
- We will review and acknowledge your report within **7 business days**.
2. **Assessment**
- The maintainers will verify the issue and classify its severity.
- Depending on impact, a patch may be released immediately or scheduled for the next update.
3. **Resolution**
- Critical security fixes will be prioritized.
- Non-critical issues may be deferred or declined with an explanation.
---
## Disclaimer
Not all reported issues will be treated as vulnerabilities.
Reports may be declined if they are deemed:
- Low-risk
- Out of project scope
- Conflicting with intended design or architecture
---
If you have any questions or concerns about this security policy, please reach out to the maintainers through the contact options above.
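Review bot: In the new Response Process section, the earlier commitment to "provide a fix as soon as possible" is gone and nothing states a disclosure expectation, so a reporter learns only the 7-business-day acknowledgment window and not when public disclosure is acceptable. Suggest adding a line under Resolution that covers coordinated disclosure, for example that the reporter is asked to hold details until a fix is released. Under Reporting a Vulnerability, "send a direct message to a maintainer" does not say who counts as a maintainer; naming the role or handle to contact on Discord would keep a report from being sent to the wrong account. The Disclaimer lists "Low-risk" as a reason to decline while step 2 says the maintainers "classify its severity", but no severity scale is named, so it would help to say how severity is rated. Finally, the table adds a 9.0.x row in the same per-minor style as the 8.x rows, so it will need another edit for each later 9.x minor; consider a sentence on how new minor releases are treated until the table is updated.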