From 02f582eca0958870f8466407aa28d4faac3ac323 Mon Sep 17 00:00:00 2001 From: Jeff Atwood Date: Tue, 11 Sep 2018 12:43:52 -0700 Subject: [PATCH] add recent security commits info --- docs/SECURITY.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/SECURITY.md b/docs/SECURITY.md index 01fc37fb19c..27d4fefd37f 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -6,6 +6,8 @@ We take security very seriously at Discourse. We welcome any peer review of our In order to give the community time to respond and upgrade we strongly urge you report all security issues privately. Please use our [vulnerability disclosure program at Hacker One](https://hackerone.com/discourse) to provide details and repro steps and we will respond ASAP. If you prefer not to use Hacker One, email us directly at `team@discourse.org` with details and repro steps. Security issues *always* take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes. +For a list of recent security commits, check [our GitHub commits prefixed with SECURITY](https://github.com/discourse/discourse/search?utf8=%E2%9C%93&q=SECURITY&type=Commits). + ### Password Storage Discourse uses the PBKDF2 algorithm to encrypt salted passwords. This algorithm is blessed by NIST. Security experts on the web [tend to agree that PBKDF2 is a secure choice](http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage).
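Review bot: In the added line of docs/SECURITY.md, the link text says commits "prefixed with SECURITY", but the URL is a plain term search (`q=SECURITY&type=Commits`). Nothing in the query restricts results to a prefix, so commits that merely mention the word will appear alongside the actual security fixes. Either reword the link text to match what the search returns, or add a sentence stating the commit-message convention readers should look for in the results. The `utf8=%E2%9C%93` parameter looks like form residue and could likely be dropped to shorten the URL. Since the sentence points users at security fixes, it would also help to say how it relates to the "urgent" releases mentioned in the paragraph just above it, so readers know whether to track commits or releases when deciding to upgrade.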