Skip to content

Latest commit

 

History

History
11 lines (6 loc) · 1.14 KB

SECURITY.md

File metadata and controls

11 lines (6 loc) · 1.14 KB

Security Policy

Creating a security policy that fits your specific local environment before making use of ImageMagick is highly advised.

Supported Versions

We encourage users to upgrade to the latest ImageMagick release to ensure that all known security vulnerabilities are addressed. On request, we can backport security fixes to other ImageMagick versions.

Reporting a Vulnerability

Before you post a vulnerability, first determine if the vulnerability can be mitigated by a properly curated security policy. Next, verify your policy using the validation tool. Now use a development container, available in the .devcontainer/security folder, to verify that the security issue can be reproduced with the latest source code and your security policy. If you feel confident that the security policy does not address the vulnerability, post the vulnerability as a security advisory. Most vulnerabilities are reviewed and resolved within 48 hours.