# Security policy
## Versions
The latest patches and the latest software are published under the `:main-<commit-short-hash>-<unix-timestamp>` tag scheme of the container image, so the latest security updates appear on such a tag first. A versioned container image (tag) is regularly made available for production use.
Older tags need to be updated manually, as we normally do not release an updated image for an existing tag; this is only done in case of _severe_ security vulnerabilities.
## Reporting a vulnerability
You can report a vulnerability or anomaly to the development team. This initiates the process of coordinated vulnerability disclosure. The team will then endeavour to develop security patches within a week if possible. The vulnerability will be made public as part of the release. If you wish, you can also be credited as the reporter.
* You can send your report to the following e-mail address: [ozgsec@bmi.bund.de](mailto:ozgsec@bmi.bund.de)
* You can also create a [confidential issue in this repository](https://gitlab.opencode.de/bmi/ozg-rahmenarchitektur/ozgsec/ozgsec-best-practice-scanner/-/issues/new?issue[confidential]=on&issuable_template=security-advisory-en).
* Alternatively, you can send an encrypted email to the following email address:
```text
Contact: mailto:ozgsec@neuland-homeland.de
Expires: 2024-12-31T23:00:00.000Z
Encryption: https://gitlab.opencode.de/bmi/ozg-rahmenarchitektur/ozgsec/ozgsec-web-frontend/-/blob/main/public/ozgsec@neuland-homeland.de-0x52AC2F9AABDD3852-pub.asc
Preferred-Languages: en, de
Canonical: https://gitlab.opencode.de/bmi/ozg-rahmenarchitektur/ozgsec/ozgsec-web-frontend/-/blob/main/public/.well-known/security.txt
```
*Text based on: [DMS](https://github.com/docker-mailserver/docker-mailserver/blob/master/SECURITY.md)*