Skip to content

Commit

Permalink
chore: update repository templates to ory/meta@939b80f
Browse files Browse the repository at this point in the history
  • Loading branch information
aeneasr committed Aug 27, 2024
1 parent 65f52bb commit 0d360b0
Show file tree
Hide file tree
Showing 2 changed files with 84 additions and 45 deletions.
66 changes: 36 additions & 30 deletions .github/ISSUE_TEMPLATE/BUG-REPORT.yml
Original file line number Diff line number Diff line change
@@ -1,43 +1,48 @@
# AUTO-GENERATED, DO NOT EDIT!
# Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/BUG-REPORT.yml

description: "Create a bug report"
description: 'Create a bug report'
labels:
- bug
name: "Bug Report"
name: 'Bug Report'
body:
- attributes:
value: "Thank you for taking the time to fill out this bug report!\n"
type: markdown
- attributes:
label: "Preflight checklist"
label: 'Preflight checklist'
options:
- label: "I could not find a solution in the existing issues, docs, nor
discussions."
- label:
'I could not find a solution in the existing issues, docs, nor
discussions.'
required: true
- label: "I agree to follow this project's [Code of
- label:
"I agree to follow this project's [Code of
Conduct](https://github.com/ory/examples/blob/master/CODE_OF_CONDUCT.md)."
required: true
- label: "I have read and am following this repository's [Contribution
- label:
"I have read and am following this repository's [Contribution
Guidelines](https://github.com/ory/examples/blob/master/CONTRIBUTING.md)."
required: true
- label: "I have joined the [Ory Community Slack](https://slack.ory.sh)."
- label: "I am signed up to the [Ory Security Patch
Newsletter](https://www.ory.sh/l/sign-up-newsletter)."
- label:
'I have joined the [Ory Community Slack](https://slack.ory.sh).'
- label:
'I am signed up to the [Ory Security Patch
Newsletter](https://www.ory.sh/l/sign-up-newsletter).'
id: checklist
type: checkboxes
- attributes:
description:
"Enter the slug or API URL of the affected Ory Network project. Leave
empty when you are self-hosting."
label: "Ory Network Project"
placeholder: "https://<your-project-slug>.projects.oryapis.com"
'Enter the slug or API URL of the affected Ory Network project. Leave
empty when you are self-hosting.'
label: 'Ory Network Project'
placeholder: 'https://<your-project-slug>.projects.oryapis.com'
id: ory-network-project
type: input
- attributes:
description: "A clear and concise description of what the bug is."
label: "Describe the bug"
placeholder: "Tell us what you see!"
description: 'A clear and concise description of what the bug is.'
label: 'Describe the bug'
placeholder: 'Tell us what you see!'
id: describe-bug
type: textarea
validations:
Expand All @@ -51,27 +56,28 @@ body:
1. Run `docker run ....`
2. Make API Request to with `curl ...`
3. Request fails with response: `{"some": "error"}`
label: "Reproducing the bug"
label: 'Reproducing the bug'
id: reproduce-bug
type: textarea
validations:
required: true
- attributes:
description: "Please copy and paste any relevant log output. This will be
description:
'Please copy and paste any relevant log output. This will be
automatically formatted into code, so no need for backticks. Please
redact any sensitive information"
label: "Relevant log output"
redact any sensitive information'
label: 'Relevant log output'
render: shell
placeholder: |
log=error ....
id: logs
type: textarea
- attributes:
description:
"Please copy and paste any relevant configuration. This will be
'Please copy and paste any relevant configuration. This will be
automatically formatted into code, so no need for backticks. Please
redact any sensitive information!"
label: "Relevant configuration"
redact any sensitive information!'
label: 'Relevant configuration'
render: yml
placeholder: |
server:
Expand All @@ -80,14 +86,14 @@ body:
id: config
type: textarea
- attributes:
description: "What version of our software are you running?"
description: 'What version of our software are you running?'
label: Version
id: version
type: input
validations:
required: true
- attributes:
label: "On which operating system are you observing this issue?"
label: 'On which operating system are you observing this issue?'
options:
- Ory Network
- macOS
Expand All @@ -98,19 +104,19 @@ body:
id: operating-system
type: dropdown
- attributes:
label: "In which environment are you deploying?"
label: 'In which environment are you deploying?'
options:
- Ory Network
- Docker
- "Docker Compose"
- "Kubernetes with Helm"
- 'Docker Compose'
- 'Kubernetes with Helm'
- Kubernetes
- Binary
- Other
id: deployment
type: dropdown
- attributes:
description: "Add any other context about the problem here."
description: 'Add any other context about the problem here.'
label: Additional Context
id: additional
type: textarea
63 changes: 48 additions & 15 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,21 +10,54 @@

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

# Security Policy

## Supported Versions

We release patches for security vulnerabilities. Which versions are eligible for
receiving such patches depends on the CVSS v3.0 Rating:

| CVSS v3.0 | Supported Versions |
| --------- | ----------------------------------------- |
| 9.0-10.0 | Releases within the previous three months |
| 4.0-8.9 | Most recent release |
# Ory Security Policy

## Overview

This security policy outlines the security support commitments for different
types of Ory users.

## Apache 2.0 License Users

- **Security SLA:** No security Service Level Agreement (SLA) is provided.
- **Release Schedule:** Releases are planned every 3 to 6 months. These releases
will contain all security fixes implemented up to that point.
- **Version Support:** Security patches are only provided for the current
release version.

## Ory Enterprise License Customers

- **Security SLA:** The following timelines apply for security vulnerabilities
based on their severity:
- Critical: Resolved within 14 days.
- High: Resolved within 30 days.
- Medium: Resolved within 90 days.
- Low: Resolved within 180 days.
- Informational: Addressed as needed.
- **Release Schedule:** Updates are provided as soon as vulnerabilities are
resolved, adhering to the above SLA.
- **Version Support:** Depending on the Ory Enterprise License agreement
multiple versions can be supported.

## Ory Network Users

- **Security SLA:** The following timelines apply for security vulnerabilities
based on their severity:
- Critical: Resolved within 14 days.
- High: Resolved within 30 days.
- Medium: Resolved within 90 days.
- Low: Resolved within 180 days.
- Informational: Addressed as needed.
- **Release Schedule:** Updates are automatically deployed to Ory Network as
soon as vulnerabilities are resolved, adhering to the above SLA.
- **Version Support:** Ory Network always runs the most current version.

[Get in touch](https://www.ory.sh/contact/) to learn more about Ory's security
SLAs and process.

## Reporting a Vulnerability

Please report (suspected) security vulnerabilities to
**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from
us within 48 hours. If the issue is confirmed, we will release a patch as soon
as possible depending on complexity but historically within a few days.
If you suspect a security vulnerability, please report it to
**[security@ory.sh](mailto:security@ory.sh)**. We will respond within 48 hours.
If confirmed, we will work to release a patch as soon as possible, typically
within a few days depending on the issue's complexity.

0 comments on commit 0d360b0

Please sign in to comment.