Strona główna Odkrywaj Pomoc
Zaloguj się
PSG
/
civetweb
kopia lustrzana https://github.com/civetweb/civetweb.git
5
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

Update SECURITY.md and LICENSE.md

bel2125 13 godzin temu
rodzic
d8c74f7cce
commit
3e7eceddeb
2 zmienionych plików z 4 dodań i 8 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 1 1
      LICENSE.md
  2. 3 7
      SECURITY.md

+ 1 - 1
LICENSE.md
Wyświetl plik 

@@ -11,7 +11,7 @@ Civetweb License
 
 
 ### Included with all features.
 
 
-> Copyright (c) 2013-2021 The CivetWeb developers ([CREDITS.md](https://github.com/civetweb/civetweb/blob/master/CREDITS.md))
 
+> Copyright (c) 2013-2025 The CivetWeb developers ([CREDITS.md](https://github.com/civetweb/civetweb/blob/master/CREDITS.md))
 
 >
 
 > Copyright (c) 2004-2013 Sergey Lyubka
 
 >

+ 3 - 7
SECURITY.md
Wyświetl plik 

@@ -14,16 +14,12 @@ Selected, critical defects are fixed in the latest release as well.
 
 Note that different security policies apply to different files/folders in this project:
 
 - The core components are include/civetweb.h, src/civetweb.c and src/*.inl.  These files are part of every server instance in production. Therefore they have to undergo the most intensive security tests and reviews.
 
 - The src/main.c file is used by the standalone server. It is used in various tests in combination with the aforementioned core components. Applications embedding civetweb will not use main.c and, thus, do not suffer from any vulnerabilities therein.
 
-- The example folders contain different usage examples in different maintenance state. This is explained in detail in the README file there.
 
+- The example folders contain different usage examples in different maintenance state. Some of them skipped error handling to keep the code shorter and easier to understand. This is explained in more detail in the README file there.
 
 - The content of all test folders (test, unittest, fuzztest) is used to test the server functionality. These tests are not designed with security in mind - on the contrary, some tests contain scripts or settings that even introduce security leaks on purpose. All tests are only meant to be run in a test environment. You should not use the content of any test folder in production. Also certificates in "resources/cert" are only meant to be used in test environments and must never be used in production.
 
 
 
 ## Reporting a Vulnerability
 
 
-Please send vulnerability reports by email to bel2125 at gmail com.
 
-Vulnerability with low severity can be sent directly by email.
 
-
 
-For high severity vulnerabilities, you can get an individual gpg key to encrypt your detailed description of vulnerabilities you want to report.
 
-
 
-If you do not get any response within one week, your email might have been lost (e.g., deleted as false positive by a spam filter). In this case, please open a GitHub issue.
 
+Ideally open a github issue for suspected vulnerabilities, even if you do not post all details there. This will help against emails getting lost.
 
+Detailed vulnerability reports including exploit code should be sent by email to bel2125 at gmail com.