chore: add SECURITY.md #7724

Merged
martinjagodic merged 5 commits into main from security_md
Feb 20, 2026

@martinjagodic
Member

Adds a document outlining the security policy for the Decap CMS project

@martinjagodic martinjagodic requested a review from a team as a code owner February 13, 2026 10:52
@github-actions github-actions bot added the type: chore work needed to keep the product and development running smoothly label Feb 13, 2026
Contributor

Copilot AI left a comment

Pull request overview

Adds a SECURITY.md file to document Decap CMS’s security policy, including supported versions and a vulnerability reporting process.

Changes:

  • Introduces a Security Policy document (SECURITY.md)
  • Documents supported versions and lifecycle status
  • Describes the coordinated disclosure process and reporting instructions

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor

@yanthomasdev yanthomasdev left a comment

Thanks @martinjagodic, I have a few suggestions and comments here.

SECURITY.md Outdated

If you discover a security vulnerability in Decap CMS, please report it **confidentially** through our dedicated reporting process.

**Submit your report at:** https://decapcms.org/report-vulnerability
Contributor

@yanthomasdev yanthomasdev Feb 18, 2026

This link doesn't work for me. Never mind, just saw it is open in a decap-website PR.

I think we should allow multiple reporting sources; the form will not always be available, and we want to make it as convenient as possible so that more security issues are reported. For example, I think we can enable GitHub's security advisory and add a security email like security@decapcms.org.

Member Author

Let's go with GitHub Security Advisories only for now. I updated the document.

@martinjagodic martinjagodic enabled auto-merge (squash) February 19, 2026 14:08
Contributor

@yanthomasdev yanthomasdev left a comment

LGTM

@martinjagodic martinjagodic merged commit 482aa6f into main Feb 20, 2026
17 of 18 checks passed
@martinjagodic martinjagodic deleted the security_md branch February 20, 2026 12:39