Skip to content

Security: empiricompany/openmage

Security

.github/SECURITY.md

Security Policy

OpenMage LTS is a fork of Magento CE 1.9 which provides a place for the Magento community to continue to contribute to the Magento 1 code base. We appreciate you disclosing important security vulnerabilities responsibly and privately by following the easy process defined below.

We will keep the details of your security vulnerability report private and only share it with verified members of our organization or our partner organizations and only on an as-needed basis.

Supported Versions

OpenMage LTS Tag Magento Version Branch Supported
~20.0.4 1.9.4.5 20.0
~19.4.8 1.9.4.5 1.9.4.x
- <= 1.9.4.4 multiple

Reporting a Vulnerability

To report a vulnerability, please DO NOT open a public Issue or Pull Request.

Please email your security vulnerability report to security@openmage.org along with your Github user name so that once we create a security advisory you may be added to it as a collaborator for further review.

We will review the advisory and work with you to find a suitable solution. We will publicly disclose the vulnerability once a patch is prepared and our community and partners have an easy path forward to apply the patch promptly. We will be sure to give you credit for the vulnerability discovery unless you request otherwise.

Limitation of Liability

As per section 8 of the OSL 3.0 license by which this source code is made available to the general public, we offer this source code only on a "use at your own risk" basis.

  1. Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation.

For the full text see LICENSE.md.

There aren’t any published security advisories