184 lines
10 KiB
Markdown
184 lines
10 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Software Versions
|
|
|
|
The following versions are currently supported:
|
|
|
|
| Version | Supported |
|
|
|--------------|--------------------|
|
|
| 0.1.x | :x: |
|
|
| 0.5.x | :x: |
|
|
| 0.6.x | :x: |
|
|
| 0.7.0 | :x: |
|
|
| 0.7.1 | :x: |
|
|
| 0.8.0 | :x: |
|
|
| 0.8.1 | :x: |
|
|
| 0.8.2 | :x: |
|
|
| 0.9.0 | :x: |
|
|
| 1.0.0 onward | :white_check_mark: |
|
|
|
|
|
|
All versions below 1.0.0 are considered pre-release versions and therefore are not supported; this means they won't receive any security updates, nor will they receive regular maintenance updates.
|
|
|
|
Versions above v.1.0.0 are currently supported and will receive security and maintenance updates for at least 6 months from their release date. This table will be updated when releases are no longer supported. Additionally, some versions will be marked as LTS, which means they will continue receiving support for at least two years.
|
|
|
|
Long story short, if you're using something below 1.0.0, you're own your own!
|
|
|
|
## Supported PHP Versions
|
|
|
|
| Version | Supported |
|
|
|---------|--------------------|
|
|
| 5.x | :x: |
|
|
| 7.x | :x: |
|
|
| 8.0 | :x: |
|
|
| 8.1 | :white_check_mark: |
|
|
|
|
At the moment, only PHP versions 8.1 and above are officially supported.
|
|
|
|
## Supported Operating Systems
|
|
|
|
| Name | Supported |
|
|
| ------- |--------------------|
|
|
| Windows NT | Docker Only |
|
|
| MacOS | Docker Only |
|
|
| Ubuntu 22.10 | :white_check_mark: |
|
|
| Other Linux distros | :white_check_mark: |
|
|
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you found a critical vunlerability, please do not use the Issues tab to report it.
|
|
|
|
Instead, please forward an encrypted vulnerability report to ``security@webvokestudio.pt``, so that we have time to open a security advisory and work on a fix.
|
|
|
|
Use this public PGP key to encrypt your message:
|
|
|
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
|
|
mQINBGTa3HUBEADPF0ebCIBogj32QxgHCU8NJjuGa+lVgR367+bDP7uf+LeMMsVY
|
|
v/a478w+tOr1UbO8zIcskiJQeNZenwgzYfpOlxyHyhXW5Gr7XG4rPSzbHQ/YmWMQ
|
|
39v8/o1hekS7HuAKzOvtcEA2RVUHiREbQdEdOzfRSmVOfSJHWa2+WU1YL8eGOz6Q
|
|
6h21aUbBhcSbbv5h0XBbTjRFAg3neYpsrI/YXFf+CtYT/014BLdfv5nZ9ED2/WiM
|
|
CDA7rPPed6jiabNvpQ2RRp3I9xHqqVDRzTqQC3kTucbYxiLwQsl1A0/QUV+PEaJY
|
|
fw1SVcMtvecCK2y+7dUzfOSUbpVY7q9NB/XvZX7UpsfI7itmfWbW5S7kthGGLVvg
|
|
jrNggsYx3G1y6ZfIK/jS4rtCFMdl61tAIKrrBHhWcG2kPbi+8k52OpzUzQXxgdYv
|
|
PdHX696/e1sTMhryvpot3DpPBnZU15qxt7cigxQC78db8mWcv9OBdRkSN97Mml1A
|
|
e1FKHZwhqQaPnQFat57eUAzx0lqwVDAuK2qYMK073jMsooLdQakJdKhJNpz3O9Yp
|
|
1NCtdc5ZYZgMA+MSjnPiEHGY81N8TZwQwfkPAs9XkckR9kPX0YbT3CaiZdjkdGhy
|
|
2lZlm+/DNblLi9owPsvUG/PRu5YUem9j5MPJcwWpvbTI805bp32a3m7+4wARAQAB
|
|
tEtNaWd1ZWwgTm9ndWVpcmEgKFJlcGxhY2VzIGV4cGlyZWQgc2lnIDNjNmE3ZTI5
|
|
YWYyNmQzNzApIDxtZUBub2d1ZWlyYS5jb2Rlcz6JAkwEEwEKADYWIQTn7G6fRGOS
|
|
0grHtt9m+ZusrLjcVAUCZNrcdQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AACgkQ
|
|
ZvmbrKy43FTr8xAAte9CNZwDA8pfQvm9vtcrVP1lYrmXIPhhNABH/+1le9HRJeF0
|
|
Si7r/uG+H2MZyKXo2ugGx4MeUvBWkQ4aZl60Ra2vz3t7hd+ShV6bwZxN29r+9fws
|
|
kHLY9fmwnngIr1S88npS8K99CfwRnsOJuCYD4BFJu7v5Z2+xQy6AS9wMxtfVK1RA
|
|
tRaEHnhuBDnFW9048HAWZMqpLWyMSrhBe1b0ITtQyM7zauykHbnDpO6F6ybV91kH
|
|
jYxoprR+yDyamY766p39CSzxfiIkYUGEk9/MWtK6qmSBtnarKD4EOxqRi5b/DyHw
|
|
n+Oyj7oClrfiLABhFNQlWqZskVz3WqIvlO7UJNbSZM4X4ax0dfLZdPtUi9avhmV8
|
|
Rha11L9ZP8F2+cp+9eM9LstdS2KEiPHfAmHOtgqQvVCNNA4QAQM4uY4fNNSfwrAT
|
|
JtApdwGAY3DSol6aysKZfjHhz7Vf3Q7QyyUeAPJ6VZuP/Woemijo5Ap9RNMQS7qW
|
|
QIhaCSOWVdqRZoFGQC0q+bPTEqFq4/QGe4LlH8UZoRRxyMK+6WL5nKYLItHKtQZz
|
|
4hsM2hEk/wqlsbM3hzUlCfDRz8fG9e2MgDGjoK/DyNlUEUpX0YlQ/WIn9lz+pq1h
|
|
7U6ncc/4IkCAYa3Kxu9LScGu6Zeb1T9CRqmO4zKUCs09FfDTlSR36A4Vtai5Ag0E
|
|
ZNreGgEQALlCqEP+U78mdtJa8gD3UMWFn8K2cRPDDFnfVNiquNSmuLkyZmBzArgR
|
|
rU6nqMQCdLzuQxs236lDdFs4KJr6Pab1cUx1+aaU9Sqrn1M/Lsl287NQnJR1596Q
|
|
9t4jNcULXrmNvyUmj1G1pnDyYUv+oDQ21jwj9UBxPkSgNVxSfzLGBlB4xrfu4UMX
|
|
EbzSRPuFsGe5HAjnGzQidIMYJZzjKe5lozH8Ro/xp4s/ybXoiPdwe4ir8ACixI9/
|
|
igr17Fd0i9IBeJPiRbLrga6iC0jpfZaAAIYZ13wRyOZV8fC2hN3WhaaTJmwO/zW0
|
|
MTZxnFq8DZdTrVYQC3Lg6lTNcY64HFkRWLXgvG7vVIgQMN+YC8M48r71Onxd0Tpd
|
|
rDos9zyzXOqENRM0bJG5g2Y/H7urbW2wzZiFLKqvhgWDyBTuTd1KSlI1qgq0Hl+Y
|
|
do22uOFaHnxhRdrYMTJslJrx2w2h6INvTjHfhtP+GDUFgTa3pfqgLFmnTp4GOUyv
|
|
7oPJy2Ce1zV0wu6br+TA3sNgO/T2CBXWbD1APNGYlnRU2xDiiSZucI8H05HBqJRQ
|
|
bTSWBv5nHOvVklCoNdmC1D3JUEIbUyCF3pXFZ1GtvHGiHbx0PF7E1KBFzBbf9BHO
|
|
iLv5wRtGLO6ROWXVqg2v71pI6dAXyzeAN2dJ6u7//4XPjCXztaGjABEBAAGJAjwE
|
|
GAEKACYWIQTn7G6fRGOS0grHtt9m+ZusrLjcVAUCZNreGgIbIAUJAeEzgAAKCRBm
|
|
+ZusrLjcVJAfD/4/iAFsVT32GqRV7kCG3lTAJtLmc4HvhH1Lg+74S03VJRPWQAQv
|
|
hQ++5AQRk49GYr5tqm2TBL0URCD+uiOeGfCrTZ7G5+nI3oqfgyBYSm/EdXatGNnA
|
|
tmhY9zo3fx81X5mQ0hJmpKLH5aTupOXqqd6y+eq5IurRJ2XvFvllj8WeELR831HV
|
|
V7F+cUT3wh1fntAVyo31H7CHpXNhyN6Y6Ku1gzN6LrhGmOTYpeLoLX/BikicO9Yy
|
|
2diBy35h4CQEYWei/5AMiECrW/muTuFl6INNUXmfz2cikyfP/HWDXguDMG6bOEP7
|
|
ytrRkM1Nh3cvqHDqTJ2OtpXQSb3kzZa5yzAZybL61KNpMxXD0lO4XGK/Z3/rvm9l
|
|
UgFtNrexV1l5pnYEDy0DsamSASiQ+U7WZtAQ7noHzpth7FndYxjPpLeN7WISaTHC
|
|
YxVaG4OoS8zclmwPFFIxHeyd5pHP8jheHsIYabA09gLwZIhCthapA0pfsi3wpdVz
|
|
7RLO32TaOiLPW6LWPiuYDbvEQfAFFP+jTP80ljv+j8xAvpmAXtHsx38U+opkHn5e
|
|
oKDQHDV0GokAbES4XOHKhqt6yNDOzNFuqkliKS8Mrw7X6lr+LGXxZb/zlNWhSIEm
|
|
m9Wu+1S+yaj4bew+5sM2YSv3NIeQc8Lk+JVp0B9Kr4xO0q089dHLv88mw7kCDQRk
|
|
2t3XARAAx2BjZyrNqibPKymlMfLj5W/irOQGV7TkqajyzFzaLsa0ROZhzsRW7MF1
|
|
V7Uzzkz/zFYKbprRgBwYCx212X6RnsnaaGhBYzD+f146TOud0iccXryEYzeXA66N
|
|
Bcw1f7AP92b0+yTOLT1+XrbCae2UZPVp14mJTo/Aus6ZOrbj4nj2H2irrFWeXeMX
|
|
aHCpbeM3Iifg7x44TevOHh/aisooIWuyEtnRxzVT5yvIvCfV/yTWh9FDFCy0m5HF
|
|
YRyow7qIr1xiGuLwk4+40SKOMUSqlq4Hv0b52NxFubU2UtFOm0rDXXoDAm9ilq/T
|
|
dJkgGzmSPtWA2ZMFehinsFd2/SJu0hEJQg6O0zAwq97mJ/UK0LtHiuiqDNGdit0A
|
|
1qaqQYMqP+RR/ZWZbYVotEpYKTBbtpcsuiO3NKxvYXSjQEcaN2jQ74r8ATPPzyy/
|
|
EmnsC3bVjjUHHXTqGM7C/sQmglfpOPo1i0qNgrC/D8GhBQ9XMIsgAl6yzPF/H2SU
|
|
tSy5z9tEH4dt8hZXesSD/33oJa/F0jy01CueNpw0nCX1frQ+B2GZCp+gaUEX8lse
|
|
S8nuFHhSwT5YzHEHX0dQgcwWNOtFkdiSQVmYHb4Wmo6D433J++TwSEa3dulZr8vl
|
|
q7ETYWcIOocNRWqRK2gaSGr1qmMpZOkcYT9gT+75n2FbiB2VDGMAEQEAAYkCPAQY
|
|
AQoAJhYhBOfsbp9EY5LSCse232b5m6ysuNxUBQJk2t3XAhsMBQkB4TOAAAoJEGb5
|
|
m6ysuNxUov4P/RvHg67/VSYjDuFxKVnGksYXLO53InEg7iz7niqNeWYvHw0lAtfe
|
|
0gH7YyHtVje0VxnlI1Q1WTpRx+Zk+wItSgHbrxU4Z8XEvSD1RrtWNAKQVfy+Mj8J
|
|
lYCON6BRDC8y8HYCi2PU8gC493jCgMiURWnezLGI4rBvIrgtVCwtpNj4DbLKCE0w
|
|
AFsMtOobeSNp/P+281uHx6uImnWujdJwr410b+PsGsjcL948nlVWwUhRwvkpb+Ap
|
|
vBU1j01QWOX0Ecg/VAQO0xOxNxj2VEdbccrKr6kqZWjlu7Kba+j01t8mLwTcSM+j
|
|
w2o+yIdCiNB9TqVzbkwthqdR3cB5PJKYCdgryfINfKaBYl3KuADaTMAXwvTi+RLI
|
|
sToQ8L6Peg4+phIK8T03n8J7hMvbx296JkLKC0tW6BgEkeVGBI8xq8M+xxTXSj22
|
|
Y+CzfViBNHdybuf0splwwM5fKyZqIJlRID+Dkc4DXoIUA8VPkOD0MnfCCw+NiWSV
|
|
w09c1KKYOc/ye8kCH3G5ahbdBveR0CwEkOf/x4kbCq2YIEgU4dONWhxdUwaNL8Zw
|
|
SraxYgTDFs7vAvDbgs4XJ2040CuuojfCCgE/UEXUY5Gx7AUerKmsp0ceh3i+And7
|
|
+9Iyduoj5WJxoG6oFaq6LiQxPNi1WVDHNWkihpUaU6h1RMn3I9C1o6UQuQINBGTa
|
|
3ZEBEADw2TU6dql4YKnsW5I3R/9qD79EkR2TOVDlt7q3prFN2tBdO0bcc76+9VNP
|
|
1QkBdHAPpEH4+l1h/GdpvS7VOLbkhriV8Ur1apeq5w6yAd+OTxh5XkETPJlNHxXN
|
|
EnLVuQxLIpRzeF38fTqolj3hDViFmhEGKM6clBC8QP/GZt/KDTs6cL+zGMshMCBE
|
|
igY8xQesVGmo3sEjs2B3VpgUd5yhTIXj1r8QSE3JCH76vkhuQ44MOftqMTRXvbvT
|
|
6Ei84evKRf4Kqj+1PmAXUqdVx521je8TGf04I81TziwsLUVKlVFfpRiMUj+uk/tK
|
|
YFfmsel+JONJlw/PJJjcI/txSK0nkAsIK0687C/wZLGXY6bp51VyxNCaQLBmPfcn
|
|
kKPglp4vsbqLLKuMbOT4+e9Mkc0yj7MFeuJXdf0wvN+Gg88vXgbALVqqnPPNmkb9
|
|
SXOT/slQ8K/f/yUQSQvEYIpAAWCAvN25iE4XNeTNR+6CWZ+Hg9YtxJOESW44mF6H
|
|
yfUeJTY0ZewQv1fHAnUVFxCpH7XCjufMMWqGBaeZPIvLUc8EIbeB9eIpPQQrWcvz
|
|
BYUI6YcNDiN8o+FEuNH4iGPIl9ViNXxBzepCsHI423MtlJlleqGXXPRJE47aKlH5
|
|
BR/s9Plypv2oJ23RTSg4qaRdBcF2YLUFA5gjaMU9lGFvkyL8awARAQABiQRxBBgB
|
|
CgAmFiEE5+xun0RjktIKx7bfZvmbrKy43FQFAmTa3ZECGwIFCQHhM4ACPwkQZvmb
|
|
rKy43FTBcyAEGQEKAB0WIQSLsVt11eY0JqWQURhD7xXbDMht3QUCZNrdkQAKCRBD
|
|
7xXbDMht3TVvD/Y4J2XpDGhHDdZupOl+u14oVLm7vhrKs6pwIunBIVj8s5dMRGKx
|
|
D0RmMPNGvGkRYyy96GgPtDpi1YO+CoSLBorFvByHThsIVA3Xd+G+1NYMhOvT2li2
|
|
pKUBQ67nDxVRoOqKaicnBlyAzi4ne58ddtTDjFQCNcKuc6YaNJBxLMvs7zd4o6YL
|
|
z+Yh+Gv5F+rCQvj+RGTtiICeiQxSF9JAxyVoyugnBx/eE9Mn9KO+WGEOU9q3k4v8
|
|
Ec8iY3bZKQmc03NLNXOqNo1qEaxTYCgQdyPK4NCID5XSDr56lSa1R/qqf8L7t1Xf
|
|
hBzvLCm2YBq1CvGkLaApNKm7WWMIbJMriOCLyXOATnyDoO1jYG86UdDa0CMRuSQu
|
|
MfB6jSKgr5HrMuwJHunKLp6cLa7mHCi+wTvqYOYhS/Y8hBxtEsiCwqpCMBfLCCTd
|
|
cQkrOgS6e8U36coXVBEsfsNdGLdpJDVhmqramkPV0ZqCUpGAM/5hreY+oWwVhQq7
|
|
DXyeL0Xjxc3MDC6NxKCoCV9Hh89QWqyokmC5ocvSlacVl4Mik7UtRgNufJpthfM1
|
|
QqJi6IYiW/VoIqjVSatvK772JhSpNEwMy5DX5gfSAyi4+KEj1zCDSA3t//lKdjyM
|
|
r2cbSn51Ou6tr163t0Q3bqLlv+R4WxjGR3JQJGUYE2x0J9z1YOb0WW6gfVQQAKIk
|
|
tc4qXSCCMfryn4zm4JPXBIY8LX+ypz0OmFndOjbDZ27pHTFh/4eVNORAr94FM+2t
|
|
McikmjPFi1zc+0Is2tGK0x2854/8IOVTl7zRXakVqbWFOLHnE3QHqW/b3NTwQkJe
|
|
ZcTHE7wvxid5R2qzETx3Hl3reajaaLTlYqTLkS1PsJY6hOm9tRUW03Dp/lMGxhuA
|
|
c4XN7NTsLve0+VoOqyARFutO9XHRzhAg+0iO/ATaUmkPoNEzYxSwcHmPffb49kVO
|
|
nfoz71l6LDLl9sABrU9GkrKpQKt1HbomJ0uHGqYlXIRqrH8qqv2Sj2XfkoVgeXxC
|
|
jQoK3Vg/rCkiM7YUMADks66rTD/GezWOv2pyBvoD31vITKMd8A89g2SVdPo/JpG6
|
|
O4biekGbnoPZsF+39AT1mbKFDhK5vOHoiSNmdDQRHwq3mBTpzywm4tC+kSN9owNl
|
|
cPqY7wsYVU7eS7WEIl5jnQOkGYQIEDtqoJUrUf0/n0frKs7o084TuP8ednzbpDIC
|
|
K4WgPkxodgUOYJDiXio94TRgBN8H0uW6ew3allO9R5iB/5WKfUbx6BfqLKNtSdar
|
|
NyOygnYabChA7CP4t77KPsOWDL+OcmHOK//QeID/hbqxOfBnkARq1zuLex6bS6kO
|
|
/k925kCtzpT9dRpwmvccf9Hag36LItLzInt526MG
|
|
=eyRs
|
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
|
|
|
You may use [this tool](https://pgptool.org/) to encrypt and sign your message.
|
|
|
|
|
|
## Using the Issue Tracker
|
|
|
|
This GitLab system is intended for internal use only, therefore, only authorized users may sign up and sign in via the currently configured idP integration. However, if you want to contribute to the project or submit a bug report, please feel free to request an account!
|
|
|
|
Account requests are granted regularly, though requests will be expedited/prioritised for users with their own email domain and users with an established GitLab/GitHub account.
|
|
|
|
To request an account, please follow the format below and send it to ``security@webvokestudio.pt``:
|
|
|
|
Subject: Future Gamers GitLab Account Request - [Your Name]
|
|
Body:
|
|
|
|
Reason: I want an account because A and B
|
|
GitLab/GitHub: https://gitlab.com/YourAccount OR https://github.com/YourAccount
|