diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000000..0effb10d97 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,5 @@ +# Security + +See https://docs.wagtail.org/en/latest/contributing/security.html. + +This information can also be found in our security.txt: https://wagtail.org/.well-known/security.txt diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index b65da7c7d3..0000000000 --- a/SECURITY.md +++ /dev/null @@ -1,7 +0,0 @@ -# Security - -We take the security of Wagtail, and related packages we maintain, seriously. If you have found a security issue with any of our projects please email us at security@wagtail.org so we can work together to find and patch the issue. We appreciate responsible disclosure with any security related issues, so please contact us first before creating a Github issue. - -If you want to send an encrypted email (optional), the public key ID for security@wagtail.org is [0xbed227b4daf93ff9](https://keyserver.ubuntu.com/pks/lookup?search=0xbed227b4daf93ff9&fingerprint=on&op=index), and this public key is available from most commonly-used keyservers. - -This information can also be found in our security.txt: https://docs.wagtail.org/.well-known/security.txt diff --git a/docs/contributing/security.md b/docs/contributing/security.md index e821d71b57..d95924f276 100644 --- a/docs/contributing/security.md +++ b/docs/contributing/security.md @@ -1,5 +1,9 @@ # Reporting security issues +```{warning} +Ensure you are viewing our [latest security policy](https://docs.wagtail.org/en/latest/contributing/security.html). +``` + ```{note} Please report security issues **only** to [security@wagtail.org](mailto:security@wagtail.org). ``` 
@@ -13,6 +17,8 @@ Once you've submitted an issue via email, you should receive an acknowledgement If you want to send an encrypted email (optional), the public key ID for is `0xbed227b4daf93ff9`, and this public key is available from most commonly-used keyservers. +This information can also be found in our [security.txt](https://wagtail.org/.well-known/security.txt). + Django security issues should be reported directly to the Django Project, following [Django's security policies](https://docs.djangoproject.com/en/dev/internals/security/) (upon which Wagtail's own policies are based). ## Supported versions diff --git a/docs/public/.well-known/security.txt b/docs/public/.well-known/security.txt deleted file mode 100644 index b4810a528d..0000000000 --- a/docs/public/.well-known/security.txt +++ /dev/null @@ -1,6 +0,0 @@ -Contact: mailto:security@wagtail.org -Preferred-Languages: en -Canonical: https://docs.wagtail.org/.well-known/security.txt -Encryption: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x220b7102b615b692e37d886dbed227b4daf93ff9 -Expires: 2024-01-27T19:43:00.000Z -Policy: https://github.com/wagtail/wagtail/security/policy
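Review bot: the new .github/SECURITY.md carries no contact address of its own, so a reporter who lands on the repository's security policy has to follow a link to the docs before learning where to send a report. The deleted root SECURITY.md stated security@wagtail.org and asked reporters to make contact before creating a GitHub issue; suggest keeping one line with the address and that request next to the docs link, so the file is still usable when the docs site is unreachable.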
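Review bot: in the second docs/contributing/security.md hunk, the context sentence about encrypted email identifies the key only by the 64-bit ID `0xbed227b4daf93ff9`, while this patch deletes the security.txt whose Encryption field carried the full fingerprint 0x220b7102b615b692e37d886dbed227b4daf93ff9. Since the paragraph is being touched anyway, suggest quoting the full fingerprint in the docs so a reporter can verify the key fetched from a keyserver rather than match on a short ID. The same sentence reads "the public key ID for is" as shown here, so it is worth confirming the address renders in the built page.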
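Review bot: deleting docs/public/.well-known/security.txt leaves nothing behind https://docs.wagtail.org/.well-known/security.txt, the URL its own Canonical field declared, and the replacement at https://wagtail.org/.well-known/security.txt is not part of this diff. Before merging, confirm the wagtail.org file is live with a Canonical line matching its new URL, an Expires value in the future (the deleted file's was 2024-01-27T19:43:00.000Z), and a Policy target that still resolves now that SECURITY.md moves under .github/. A redirect from the old docs path would keep existing references to it working.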