From 11449c2187d0f450b86915d88f92595a1825e4cf Mon Sep 17 00:00:00 2001 From: LabPixel <74812891+ayato-shitomi@users.noreply.github.com> Date: Sat, 7 Feb 2026 19:31:10 +0900 Subject: [PATCH] feat: Create SECURITY.md (#1485) --- SECURITY.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..141956a8 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,54 @@ +# Security Policy + +Thank you for helping improve the security of MediaCMS. +We take security vulnerabilities seriously and appreciate responsible disclosure. + +--- + +## Reporting a Vulnerability + +If you discover a security vulnerability in MediaCMS, **please do not open a public GitHub issue**. + +Instead, report it using one of the following methods: + +- **GitHub Security Advisories (preferred)** + Use the "Report a vulnerability" feature in this repository. + +- **Contact Form** + Submit details via the official contact page: + https://mediacms.io/contact/ + +Please include as much of the following information as possible: +- Affected version(s) +- Detailed description of the issue +- Steps to reproduce (PoC if available) +- Impact assessment (e.g. RCE, XSS, privilege escalation) +- Any potential mitigations you are aware of + +--- + +## Supported Versions + +Security updates are provided for the **latest stable release** of MediaCMS. +Older versions may not receive security patches. + +--- + +## Disclosure Policy + +- We aim to acknowledge reports within **7 days** +- We aim to provide a fix or mitigation within **90 days**, depending on severity +- Please allow us time to investigate before any public disclosure + +We follow responsible disclosure practices and will coordinate disclosure timelines when appropriate. + +--- + +## Recognition + +At this time, MediaCMS does not operate a formal bug bounty program. +However, we are happy to acknowledge valid security reports in release notes or advisories (with your permission). + +--- + +Thank you for helping keep MediaCMS secure.
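Review bot: the Disclosure Policy section states a 7-day acknowledgement target and a 90-day fix target but never says what the reporter may do once that window passes without a fix; add one sentence stating whether public disclosure is acceptable after 90 days (or after a coordinated date), so the expectation is set before a report is filed rather than negotiated afterwards. Two smaller points in the same hunk: "Security updates are provided for the **latest stable release**" names no version number and no link to the releases or tags page, so a reporter cannot tell whether their finding is in scope without guessing; and the "Contact Form" fallback routes vulnerability details (including any PoC the policy asks for) through a general-purpose web form at https://mediacms.io/contact/, so consider stating that the GitHub advisory channel is the one to use for full technical details and that the form should carry only a request for contact.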