Vulnerability and incident handling
Product vulnerability reports
See also
Please read Using AI to create issues if you used AI to find a security issue in Weblate.
The Weblate development team is strongly committed to responsible reporting and disclosure of security-related issues. We have adopted and follow policies aimed at delivering timely security updates to Weblate.
Product vulnerability reports cover security issues in Weblate source code, release artifacts, and documented Weblate security properties. They do not replace operational incident response for a particular deployment.
Most ordinary bugs in Weblate are reported to our public GitHub issue tracker, but because of the sensitive nature of security issues, we ask that they not be reported publicly in this way.
Instead, if you believe you have found something in Weblate that has security implications, please send a description of the issue to security@weblate.org, via GitHub, or using HackerOne.
Self-hosted operators should use this process when they believe an incident in their own deployment is caused by a Weblate product vulnerability. Local containment, recovery, customer notification, provider escalation, and other deployment-specific incident response remain the operator's responsibility.
A member of the security team will respond to you within 48 hours, and depending on the action taken, you may receive further follow-up emails.
Note
Sending encrypted reports
If you want to send an encrypted email (optional), use the public key for security@weblate.org with the ID 8EA7 6E43 0976 3323 C2E3 D5A0 C472 9F23 8A80 EA93.
This public key is available on the most commonly used key servers, using WKD, or directly from weblate.org.
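One way to follow the note above, shown as an added example that is not part of the Weblate documentation: fetch the key over WKD, refuse to encrypt unless the only primary key found for the address carries the fingerprint published on this page, then encrypt to that fingerprint. It assumes GnuPG 2.x and that the published ID is the primary-key fingerprint; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Weblate documentation.
RECIPIENT="security@weblate.org"
# Fingerprint published on this page, with the spaces removed.
EXPECTED_FPR="8EA76E4309763323C2E3D5A0C4729F238A80EA93"

# Constructed sample of `gpg --with-colons --list-keys` output; only the
# primary-key fingerprint is taken from this page, the rest is made up.
SAMPLE_LISTING='pub:-:4096:1:C4729F238A80EA93:1500000000:::-:::scESC:
fpr:::::::::8EA76E4309763323C2E3D5A0C4729F238A80EA93:
uid:-::::1500000000::::Example UID <security@weblate.org>:
sub:-:4096:1:0000000000000000:1500000000::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Print the fingerprint of every primary key in a colon listing on stdin:
# the "fpr" record that directly follows a "pub" record (field 10).
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want { print toupper($10) }
        { want = 0 }'
}

# Succeed only if the listing holds exactly one primary key and its
# fingerprint equals the published one. A second key with the same
# address, or the right value on a subkey only, makes this fail.
listing_matches() {
    found=$(primary_fprs)
    [ "$found" = "$EXPECTED_FPR" ]
}

# Fetch the key over WKD, verify it, then encrypt FILE to FILE.asc.
encrypt_report() {
    gpg --auto-key-locate clear,nodefault,wkd --locate-keys "$RECIPIENT" \
        >/dev/null || return 1
    if ! gpg --with-colons --list-keys "$RECIPIENT" | listing_matches; then
        echo "unexpected key for $RECIPIENT, not encrypting" >&2
        return 1
    fi
    # The fingerprint was checked above, so address the key by fingerprint
    # and skip the web-of-trust prompt.
    gpg --trust-model always --armor --encrypt \
        --recipient "$EXPECTED_FPR" --output "$1.asc" "$1"
}
```

Source the file and run `encrypt_report report.txt`; the armored output is written next to the input as `report.txt.asc`.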
Hint
Weblate depends on third-party components for many things. If you find a vulnerability that affects one of those components in general, please report it to the respective project.
Some of these are:
Weblate-operated service incidents
Operational incidents affecting Hosted Weblate, Dedicated Weblate, or other deployments operated by Weblate s.r.o. are handled using Incident response plan for Weblate.
When such an incident also involves a Weblate product vulnerability, the vulnerability report and public advisory follow the product vulnerability reporting process and Vulnerability disclosure policy on this page.
Self-hosted deployment incidents
Operators of self-hosted Weblate deployments are responsible for their local incident response process, including containment, recovery, notification, and provider-specific escalation. The Weblate-operated Incident response plan for Weblate can be used as a reference, but it is not a maintained incident response plan for third-party deployments.
If a self-hosted incident appears to be caused by a Weblate product vulnerability, report it using the product vulnerability reporting process above.
Vulnerability disclosure policy
For Weblate product vulnerabilities, within 30 days following a release containing a vulnerability fix, a security advisory is published at https://github.com/WeblateOrg/weblate/security/advisories. The advisory is available immediately with a release when possible.
Any actively exploited Weblate vulnerability, or any severe incident affecting Weblate-operated services, is notified to CSIRT within 24 hours, general info is provided to CSIRT within 72 hours, and a full report is provided within 14 days.
Every user of Hosted or Dedicated Weblate affected by a severe incident or an actively exploited vulnerability is notified within 7 days.