Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Doc

Browse Source
This commit is contained in:
Laurent Destailleur
2023-12-10 14:29:30 +01:00
parent 1add19cecc
commit 8bd8f48425
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
SECURITY.md
View File

@@ -92,8 +92,8 @@ Scope is the web application (backoffice) and the APIs.
* Missing security-related HTTP headers which do not lead directly to a vulnerability
* Reports from automated web vulnerability scanners (Acunetix, Vega, etc.) that have not been validated
* Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM/DMARC)
* Reports on features flagged as "experimental" or "development"
* Reports on features flagged as "deprecated", "experimental" or "development"
* Software version or private IP disclosure when logged-in user is admin
* Stack traces or path disclosure when logged-in user is admin
* Any vulnerabilities due to a configuration different than the one defined in chapter "Scope for qualified vulnerabilities".
* Brute force attacks on login page, password forgotten page or any public pages (/public/*) are not qualified if the fail2ban recommended fail2ban rules were not installed.
* Brute force attacks on login page, password forgotten page or any public pages (/public/*) are not qualified if the recommended fail2ban rules were not installed.