mirror of
https://bitbucket.org/jsuto/piler.git
synced 2024-11-07 23:31:58 +01:00
40e4dd4844
Signed-off-by: Janos SUTO <sj@acts.hu>
21 lines
742 B
Markdown
21 lines
742 B
Markdown
Disclosure policy
|
|
|
|
If you find a security issue, please contact the project owner at sj@acts.hu
|
|
with the details (ie. piler version, details of the setup, how to exploit the
|
|
vulnerability, etc).
|
|
|
|
Please provide 30 days for verifying the vulnerability, fixing the issue, and
|
|
notifying the piler users.
|
|
|
|
Security update policy
|
|
|
|
If a security vulnerability has found, the details, possible mitigations,
|
|
workarounds, etc. will be shared on the piler mailing list (piler-user@list.acts.hu)
|
|
and on the wiki: https://www.mailpiler.org/
|
|
|
|
Security configurations
|
|
|
|
- Use https for the GUI
|
|
- Reset the default passwords for admin and auditor
|
|
- Use the smtp acl feature to restrict SMTP access to the archive, see https://mailpiler.com/smtp-acl-list/
|