host/julienmonnerie
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update to Kirby 4.7.0

Browse source
This commit is contained in:
Paul Nicoué 2025-04-21 18:57:21 +02:00
parent 02a9ab387c
commit ba25a9a198
509 changed files with 26604 additions and 14872 deletions
Download patch file Download diff file Expand all files Collapse all files

26
kirby/SECURITY.md
View file

@ -1,3 +1,27 @@
# Security Policy
Please see the [Security Policy on the Kirby website](https://getkirby.com/security) for a list of the currently supported Kirby versions and of past security incidents as well as for information on how to report security vulnerabilities in the Kirby core or in the Panel.
## Supported versions and past security incidents
You can find up-to-date information on the security status of each version on <https://getkirby.com/security>.
## Security of your Kirby site
We have a detailed [security guide](https://getkirby.com/docs/guide/security) with information on how to keep your Kirby installation secure.
## Reporting a vulnerability
If you have spotted a vulnerability in Kirby's core or the Panel, please make sure to let us know immediately. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
You can always contact us directly at **<security@getkirby.com>**.
If you want to encrypt your message, our GPG key is [6E6B 057A F491 FFAD 363F 6F49 9101 10FA A459 E120](https://getkirby.com/pgp.asc).
You can also use the [security advisory form on GitHub](https://github.com/getkirby/kirby/security/advisories/new) to securely and privately report a vulnerability to us.
We will send you a response as soon as possible and will keep you informed on our progress towards a fix and announcement.
> [!IMPORTANT]
> Please do not write to us publicly, e.g. in the forum, on Discord or in a GitHub issue. A public report can give attackers valuable time to exploit the issue before it is fixed.
>
> By letting us know directly and coordinating the disclosure with us, you can help to protect other Kirby users from such attacks.
>
> Also please do *not* request a CVE ID from organizations like MITRE. The responsible CVE Numbering Authority (CNA) for Kirby is GitHub. We can and will request a CVE ID for each confirmed vulnerability and will provide it to you in advance of the coordinated release.