File: SECURITY.md
# Security Policy

## Supported Versions

| Version | Supported                             | End Of Life   |
| ------- | ------------------------------------- | ------------- |
| 3.5.x   | :x: Pre-release                       | 2026 (est)    |
| 3.4.x   | :heavy_check_mark: Active development | 2025 (est)    |
| 3.3.x   | :heavy_check_mark: Active maintenance | 2026 (est)    |
| 3.2.x   | :x: Not supported                     | 2023          |
| 3.1.x   | :x: Not supported                     | 2022          |
| 3.0.x   | :x: Not supported                     | 2022          |
| 2.x     | :x: Not supported                     | 2021          |
| 1.x     | :x: Not supported                     | 2005 (approx) |

## Reporting a Vulnerability

To report a vulnerability, please contact PKP privately using: pkp.contact@gmail.com

You can expect a response via email to acknowledge your report within 2 working days.

PKP will then work to verify the vulnerability and assess the risk. This is typically done within the first week of a report. Once these details are known, PKP will file a GitHub issue entry with limited details for tracking purposes. This initial report will not include enough information to fully disclose the vulnerability but will serve as a point of reference for development and fixes once they are available.

When a fix is available, PKP will contact its user community privately via mailing list with details of the fix, and leave a window of typically 2 weeks for community members to patch or upgrade before public disclosure.

PKP then discloses the vulnerability publicly by updating the GitHub issue entry with complete details and adding a notice about the vulnerability to the software download page (e.g. https://pkp.sfu.ca/software/ojs). At this point, a CVE and credit for the discovery may be added to the entry.

Depending on the severity of the issue PKP may back-port fixes to releases that are beyond the formal software end-of-life.

We aim to have a fix available within a week of notification.