SECURITY.md

Security Policy

Reporting a Vulnerability

We make every effort to ensure speedy analysis of reported issues and, where required, provide workarounds and updated application releases to fix them. If you find a suspected issue or have security scan results that indicate one, please report it by sending an email to:

[email protected]

All submitted information is viewed only by members of the DNN Security Task Force, and will not be discussed outside the Task Force without the permission of the person/company who reported the issue. Each confirmed issue is assigned a severity level (critical, moderate, or low) corresponding to its potential impact on the security of DNN installations.

  • Critical means the issue can be exploited by a remote attacker to gain access to DNN data or functionality. All critical issue security bulletins include a recommended workaround or fix that should be applied as soon as possible.
  • Moderate means the issue can compromise data or functionality on a portal/website only if some other condition is met (e.g. a particular module or a user within a particular role is required). Moderate issue security bulletins typically include recommended actions to resolve the issue.
  • Low means the issue is very difficult to exploit or has a limited potential impact.

The Security Task Force then issues a security bulletin via DNN security forum posts and, where judged necessary, email. The bulletin provides details about the issue, the DNN versions impacted, and suggested fixes or workarounds. Security bulletins are issued as required.