MokoSuiteNPO/SECURITY.md
jmiller ac4acd81ac
chore: add SECURITY.md from Template-Joomla
2026-06-28 07:15:32 +00:00

Security Policy

Supported Versions

| Version        | Supported               |
|----------------|-------------------------|
| Latest stable  | Full support            |
| Previous major | ⚠️ Critical fixes only  |
| Older          | No support              |

Reporting a Vulnerability

Do not report security vulnerabilities via public issues.

Instead, please report them privately:

  1. Email: security@mokoconsulting.tech
  2. Subject: [SECURITY] <Repository Name> - <Brief Description>

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Affected versions
  • Potential impact
  • Suggested fix (if any)

Severity Classification

| Severity | Description                                          | Response Time |
|----------|------------------------------------------------------|---------------|
| Critical | Remote code execution, SQL injection, auth bypass    | 24 hours      |
| High     | XSS, CSRF, privilege escalation                      | 48 hours      |
| Medium   | Information disclosure, path traversal               | 72 hours      |
| Low      | Best practice violation, hardening suggestion        | Next release  |

Remediation Timeline

  1. Acknowledgement: Within 24 hours of report
  2. Assessment: Within 72 hours
  3. Fix development: Based on severity
  4. Release: Patch release with security advisory
  5. Disclosure: Coordinated disclosure after fix is available

Security Best Practices

For Contributors

  • Never commit secrets, credentials, or API keys
  • Use parameterised queries (no raw SQL concatenation)
  • Validate and sanitise all user input
  • Follow Joomla API for access control checks
  • Use Joomla's HTMLHelper for output escaping
  • Include SPDX license headers in all source files
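The following is an added illustration of the query, input-handling and access-control points above; it is not code from this repository. It assumes the Joomla 4/5 API (`Factory`, `DatabaseInterface`, `ParameterType`, `authorise()`) and uses the core `#__content` table only as a stand-in for whatever table an extension actually queries.

```php
<?php
// SPDX-License-Identifier: GPL-2.0-or-later  (header style required by the policy above)
// Added example, not part of MokoSuiteNPO. Assumes Joomla 4/5 core APIs.

use Joomla\CMS\Factory;
use Joomla\Database\DatabaseInterface;
use Joomla\Database\ParameterType;

// Pattern the policy forbids: the request value is concatenated straight into SQL,
// so a crafted "id" changes the query instead of being treated as data.
function findArticleUnsafe(string $id): ?object
{
    $db = Factory::getContainer()->get(DatabaseInterface::class);
    $db->setQuery('SELECT id, title FROM #__content WHERE id = ' . $id);

    return $db->loadObject();
}

// Pattern the policy requires: typed input, bound parameter, and an ACL check
// through Joomla's own authorise() before anything is read.
function findArticleSafe(): ?object
{
    $app  = Factory::getApplication();
    $user = $app->getIdentity();

    // getInt() casts the raw request value, so only an integer reaches the query.
    $id = $app->getInput()->getInt('id', 0);

    // Access control via the Joomla API, not a hand-rolled check.
    if ($id <= 0 || !$user->authorise('core.edit', 'com_content.article.' . $id)) {
        return null;
    }

    $db    = Factory::getContainer()->get(DatabaseInterface::class);
    $query = $db->getQuery(true)
        ->select($db->quoteName(['id', 'title']))
        ->from($db->quoteName('#__content'))
        ->where($db->quoteName('id') . ' = :id')
        ->bind(':id', $id, ParameterType::INTEGER); // value travels separately from SQL text

    $db->setQuery($query);

    return $db->loadObject();
}
```

The bound-parameter form is what "no raw SQL concatenation" means in practice: the driver receives the SQL and the value as two separate things, so user input can never change the statement's structure. The `authorise()` call is likewise the "Joomla API for access control" item; it keeps the asset-based ACL rules configured by the site administrator in force rather than reimplementing them per extension.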

For Users

  • Keep Joomla and all extensions updated
  • Use strong, unique passwords
  • Enable two-factor authentication
  • Review file permissions regularly
  • Monitor Joomla error logs

Security Updates

Security patches are delivered through the standard update channel. Critical fixes may receive an emergency out-of-band release.

Responsible Disclosure

We follow coordinated disclosure practices:

  • We will work with reporters to understand and reproduce the issue
  • We will develop and test a fix
  • We will credit reporters (with permission) in security advisories
  • We ask that reporters allow reasonable time for a fix before public disclosure

Contact


Thank you for helping keep Moko Consulting projects secure.