From: Sarah Hoffmann
Date: Mon, 12 Jul 2021 15:14:59 +0000 (+0200)
Subject: Merge pull request #2391 from lonvia/fix-sonar-issues
X-Git-Tag: v4.0.0~52
X-Git-Url: https://git.openstreetmap.org/nominatim.git/commitdiff_plain/b4fec57b6d53f8e8a45c46ff11f13cbcbea1006a?hp=f8b5a63de39691ea6e7fcb9180a856f0d2650999

Merge pull request #2391 from lonvia/fix-sonar-issues

Fix bugs and code smells found by Sonarqube
---

diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..41a6f2ef --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,39 @@ +# Security Policy + +## Supported Versions + +All Nominatim releases receive security updates for two years. + +The following table lists the end of support for all currently supported +versions. + +| Version | End of support for security updates | +| ------- | ----------------------------------- | +| 3.7.x | 2023-04-05 | +| 3.6.x | 2022-12-12 | +| 3.5.x | 2022-06-05 | +| 3.4.x | 2021-10-24 | + +## Reporting a Vulnerability + +If you believe, you have found an issue in Nominatim that has implications on +security, please send a description of the issue to **security@nominatim.org**. +You will receive an acknowledgement of your mail within 3 work days where we +also notify you of the next steps. + +## How we Disclose Security Issues + +** The following section only applies to security issues found in released +versions. Issues that concern the master development branch only will be +fixed immediately on the branch with the corresponding PR containing the +description of the nature and severity of the issue. ** + +Patches for identified security issues are applied to all affected versions and +new minor versions are released. At the same time we release a statement at +the [Nominatim blog](https://nominatim.org/blog/) describing the nature of the +incident. Announcements will also be published at the +[geocoding mailinglist](https://lists.openstreetmap.org/listinfo/geocoding). + +## List of Previous Incidents + +* 2020-05-04 - [SQL injection issue on /details endpoint](https://lists.openstreetmap.org/pipermail/geocoding/2020-May/002012.html)
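Review bot: In "Reporting a Vulnerability", the policy gives only a plain e-mail address and says neither what a report should contain nor that the issue should be kept out of the public tracker until it is handled. Consider adding a sentence asking reporters not to open a public issue, listing the details you need (affected version, how to reproduce), and optionally publishing a key for encrypted reports. In "How we Disclose Security Issues", the note is wrapped as `** The following section ... of the issue. **` with spaces inside the asterisks, which Markdown renderers will not treat as bold; drop the inner spaces. The same note says issues on the master branch are fixed with a PR that describes their nature and severity, so it would help to state whether anyone running a master checkout is notified in another way. The "Supported Versions" table hard-codes end-of-support dates (3.4.x ends 2021-10-24), so the release checklist should include updating this file. Minor wording: "If you believe, you have found" has a stray comma, and "mailinglist" should be "mailing list".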