diff options
| author | Mitja Felicijan <mitja.felicijan@gmail.com> | 2026-01-21 22:40:55 +0100 |
|---|---|---|
| committer | Mitja Felicijan <mitja.felicijan@gmail.com> | 2026-01-21 22:40:55 +0100 |
| commit | 5d8dfe892a2ea89f706ee140c3bdcfd89fe03fda (patch) | |
| tree | 1acdfa5220cd13b7be43a2a01368e80d306473ca /examples/redis-unstable/SECURITY.md | |
| parent | c7ab12bba64d9c20ccd79b132dac475f7bc3923e (diff) | |
| download | crep-5d8dfe892a2ea89f706ee140c3bdcfd89fe03fda.tar.gz | |
Add Redis source code for testing
Diffstat (limited to 'examples/redis-unstable/SECURITY.md')
| -rw-r--r-- | examples/redis-unstable/SECURITY.md | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/examples/redis-unstable/SECURITY.md b/examples/redis-unstable/SECURITY.md new file mode 100644 index 0000000..a2637d8 --- /dev/null +++ b/examples/redis-unstable/SECURITY.md @@ -0,0 +1,50 @@ +# Security Policy + +## Supported Versions + +Redis is generally backward compatible with very few exceptions, so we +recommend users to always use the latest version to experience stability, +performance and security. + +We generally backport security issues to a single previous major version, +unless this is not possible or feasible with a reasonable effort. + +| Version | Supported | +|---------|------------------------------------------------------------------------| +| 8.2.x | :white_check_mark: | +| 8.0.x | :white_check_mark: | +| 7.4.x | :white_check_mark: | +| 7.2.x | :white_check_mark: support extended till 7.4 end of support | +| < 7.2.x | :x: | +| 6.2.x | :white_check_mark: support extended - may be removed after end of 2025 | +| < 6.2.x | :x: | + +## Reporting a Vulnerability + +If you believe you've discovered a serious vulnerability, please contact the +Redis core team at redis@redis.io. We will evaluate your report and if +necessary issue a fix and an advisory. If the issue was previously undisclosed, +we'll also mention your name in the credits. + +## Responsible Disclosure + +In some cases, we may apply a responsible disclosure process to reported or +otherwise discovered vulnerabilities. We will usually do that for a critical +vulnerability, and only if we have a good reason to believe information about +it is not yet public. + +This process involves providing an early notification about the vulnerability, +its impact and mitigations to a short list of vendors under a time-limited +embargo on public disclosure. + +If you believe you should be on the list, please contact us and we will +consider your request based on the above criteria. + +## License Compatibility + +For security vulnerability patches released under Redis Open Source 7.4 and +thereafter, Redis permits users of earlier versions (7.2 and prior) to access +patches under the BSD3 license noted in REDISCONTRIBUTIONS.txt instead of the +full license requirements described in LICENSE.txt. Security fixes are tested +only against the specific versions for which they are provided. Applicability +or portability to other versions or forks has not been evaluated. |