Skip to content

Security: specify/specify7

SECURITY.md

Security Policy

Supported Versions

We support the latest two major point releases by providing timely updates and patches, offering detailed documentation and tutorials on new features, and provide customer support.

For non-security issues, our support team is always available to help with troubleshooting and answer any questions. We also have a large online community of users who are willing to share their experiences and help each other out. You can visit the Specify Community Forum to ask any questions you may have about configuration or deployment.

Version Supported
7.9.x
7.8.x
< 7.8

We support the latest version of Specify 6 only. You can report vulnerabilities or other issues for that application on the Specify 6 GitHub repository.

Reporting a Vulnerability

Specify 7

Please contact support@specifysoftware.org immediately if you encounter any security vulnerability in Specify 7 in addition to creating a new bug report in the GitHub repository where it will be reviewed by the development team within 24 hours.

Users can expect updates on reported vulnerabilities on a regular basis. If the vulnerability is accepted, the development team will work to provide a fix as soon as possible. If the vulnerability is declined, the development team will provide an explanation as to why it was not accepted.

Vulnerability in Docker

If you encounter a security issue in Docker, the best place to start is the Docker Security page. This page provides information on reporting security issues, as well as links to the Docker Security Advisory Board (DSAB) and the Docker Security Research Team.

Vulnerability in the Database Management System (DBMS)

  • MySQL

    If you encounter a security issue in MySQL, you can report it to the MySQL issue tracking system.

  • MariaDB

    If you encounter a security issue in MariaDB, you should report it to their security team. The security team will review your report and contact you with an update on the status of the vulnerability.

There aren’t any published security advisories