Vulnerability and incident handling
Reporting security issues
See also
Please read Using AI to create issues in case you have used AI to discover a security issue in Weblate.
Weblate’s development team is strongly committed to responsible reporting and disclosure of security-related issues. We have adopted and follow policies that are geared toward delivering timely security updates to Weblate.
Most normal bugs in Weblate are reported to our public GitHub issues tracker, but due to the sensitive nature of security issues, we ask that they not be publicly reported in this fashion.
Instead, if you believe you have found something in Weblate that has a security impact, please submit a description of the issue to security@weblate.org, GitHub, or use HackerOne.
A member of the security team will respond within 48 hours, and depending on the action that has been decided, you may receive further emails later.
Note
Sending encrypted reports
If you want to send an encrypted email (optional), please use the public key for michal@weblate.org with ID 3CB 1DF1 EF12 CF2A C0EE 5A32 9C27 B313 42B7 511D. This public key is available on the most commonly used key servers, and from Keybase.
Hint
Weblate depends on third-party components for many things. If you find a vulnerability affecting one of those components in general, please report it directly to the respective project.
These include:
Vulnerability disclosure policy
Within 30 days following a release containing a vulnerability fix, a security advisory is published at https://github.com/WeblateOrg/weblate/security/advisories. The advisory is available immediately with a release when possible.
Any actively exploited vulnerability or severe incident is reported to CSIRT within 24 hours, general information is provided to CSIRT within 72 hours, and a full report is provided within 14 days.
All users of Hosted or Dedicated Weblate impacted by a severe incident or an actively exploited vulnerability are notified within 7 days.