Skip to content

Latest commit

 

History

History
30 lines (19 loc) · 2.09 KB

SECURITY.md

File metadata and controls

30 lines (19 loc) · 2.09 KB

Security Policy

The GeoNetwork community takes the security of the software and all services based on the software product seriously. On this page you can find the versions for which the community provides security patches.

If you believe you have found a security vulnerability in the software or an implementation of the software, please report it to geonetwork@osgeo.org as described below. Do not publish the vulnerability in any public forums (such as twitter, email list or issue tracker).

Supported Versions

Each GeoNetwork release is supported with bug fixes for a limited period, with patch releases made approximately every three to six months.

  • We recommend to update to latest incremental release as soon as possible to address security vulnarabilities.
  • Some overlap is provided when major versions are announced with both a current version and a maintenance version being made available to provide time for organizations to upgrade.
Version Supported Comment
4.2.x Current version
4.0.x Maintenance version
3.12.x Maintenance version

If your organisation is making use of a GeoNetwork version that is no longer in use by the community all is not lost. You can volunteer on the developer list to make additional releases, or engage with one of our Commercial Support providers.

Reporting a Vulnerability

If you encounter a security vulnerability in GeoNetwork please take care to report in a responsible fashion:

  • Keep exploit details out of mailing list and issue tracker (send details to the Project Steering Committee via geonetwork@osgeo.org)
  • Be prepared to work with community members on a solution
  • Keep in mind community members are volunteers and an extensive fix may require fundraising / resources

For more information see How to contribute.