Skip to content

Security: pimcore/pimcore

SECURITY.md

Security Policy

Reporting a Vulnerability

If you think that you have found a security issue, don’t use the bug tracker and don’t publish it publicly. Instead, all security issues must be reported via a private vulnerability report.

Please follow the instructions to submit a private report.

Resolving Process

Every submitted security issue is handled with top priority by following these steps:

  1. Confirm the vulnerability
  2. Determine the severity
  3. Contact reporter
  4. Work on a patch
  5. Get a CVE identification number (may be done by the reporter or a security service provider)
  6. Patch reviewing
  7. Tagging a new release for supported versions
  8. Publish security announcement
Learn more about advisories related to pimcore/pimcore in the GitHub Advisory Database