| 40419472 | 2023-11-15T13:42:34 |
SECURITY.md: Further clarify security adv. policy
Security advisories should only be filed against official releases.

| 45f018cb | 2023-11-15T13:04:12 |
SECURITY.md: Clarify security advisories policy
Unfortunately, most of the GitHub security advisories filed against
libjpeg-turbo thus far have been the result of non-exploitable API
abuses triggered by randomly-generated test programs and accompanied by
wild claims of denials of service with no demonstrable or even probable
exploit that might cause such a DoS (assuming a service even existed
that used the API in question.) Security advisories remain private
unless accepted, and I cannot accept them if they do not describe an
actual security issue. Thus, it's best to steer most users toward
regular bug reports.

| 4e7ff7b9 | 2023-05-31T10:24:04 |
SECURITY.md: Wordsmithing and clarifications
- Clarify that encrypted e-mail is optional.
- Mention the new GitHub security advisory system.
- Clarify that vulnerabilities against new features that are not yet in
a Stable release series need not be reported securely.

| 10693e64 | 2023-05-30T18:22:50 |
GitHub: Add security policy