photoprism/SECURITY.md

# Security Policy

**Please contact us at [security@photoprism.app](mailto:security@photoprism.app) when you have discovered a potential security issue.** You are welcome to also report vulnerabilities in third-party applications that we may not be able to fix directly.

At a minimum, your report should include the following:

- version and architecture
- vulnerability description
- reproduction steps

We will then try to reproduce the problem, determine the impact and get back to you as soon as possible.
Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party
packages are affected.

**Responsible Disclosure:**

1. Confirm that the vulnerability applies to a current version and is reproducible
2. First share the vulnerability details with us so that users are not put at risk
3. Wait before publishing details until everyone has had a chance to update

*Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.*
Docs: Update SECURITY.md 2022-02-02 09:11:15 +00:00			`# Security Policy`
Create SECURITY.md 2021-05-31 15:06:18 +00:00
Docs: Update SECURITY.md 2022-02-02 09:11:15 +00:00			`Please contact us at [security@photoprism.app](mailto:security@photoprism.app) when you have discovered a potential security issue. You are welcome to also report vulnerabilities in third-party applications that we may not be able to fix directly.`
Update SECURITY.md 2022-01-15 16:26:29 +00:00
Update SECURITY.md 2021-10-23 16:31:29 +00:00			`At a minimum, your report should include the following:`
Create SECURITY.md 2021-05-31 15:06:18 +00:00
Docs: Update SECURITY.md 2022-02-02 09:11:15 +00:00			`- version and architecture`
			`- vulnerability description`
			`- reproduction steps`
Create SECURITY.md 2021-05-31 15:06:18 +00:00
Update SECURITY.md 2021-10-23 16:31:29 +00:00			`We will then try to reproduce the problem, determine the impact and get back to you as soon as possible.`
Docs: Update SECURITY.md 2022-02-02 09:11:15 +00:00			`Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party`
			`packages are affected.`
Create SECURITY.md 2021-05-31 15:06:18 +00:00
Docs: Update SECURITY.md 2022-02-02 09:11:15 +00:00			`Responsible Disclosure:`
Create SECURITY.md 2021-05-31 15:06:18 +00:00
Docs: Update SECURITY.md 2022-02-02 09:11:15 +00:00			`1. Confirm that the vulnerability applies to a current version and is reproducible`
			`2. First share the vulnerability details with us so that users are not put at risk`
			`3. Wait before publishing details until everyone has had a chance to update`
Update SECURITY.md 2021-10-23 16:31:29 +00:00
Docs: Update SECURITY.md 2022-02-02 09:11:15 +00:00			`Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.`