Hostux/github.com_burnett01_rsync-deployments
1
0
Fork 1
mirror of https://github.com/Burnett01/rsync-deployments.git synced 2025-12-07 00:22:20 +01:00
Code Issues Projects Releases Packages Wiki Activity
github.com_burnett01_rsync-.../SECURITY.md
Steven 05a269aeea
v8 - 8.0.0 (#88) 
* feat: latest Alpine 3.23.0
* feat: latest Rsync 3.4.1-r1
* feat: integrate [rsync-docker](https://github.com/JoshPiper/rsync-docker/) 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth)
   - backported:
       - agent-start
       - agent-stop
       - agent-askpass
       - agent-add
       - hosts-add
       - hosts-clear
   - new added: 
       - ssh-init
       - hosts-init
   - improved: 
     - stricter permissions on .ssh/ folder (700) and known_hosts (600)
     - use set -eu in all scipts
* feat: new ``strict_host_keys`` option to enable support for strict host key verification. Default: false (to keep backward compatibility)
* feat: new ``debug`` option to see the commands executed (-x) by this action
* feat: this action is now scanned for vulnerabilities by Snyk
* feat; this action is now scanned by CodeQL for Q/A
* feat: this action now performs CI tasks such as Validation, Linting and Unit Tests
* fix: various shell syntax for robustness
* fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations
* refactor: use $HOME instead of tilde ~ for robustness
* feat: cross-platform support
* chore: Deprecate 7.0.2
* chore: EOL 7.0.0 & 7.0.1
2025-12-06 16:57:20 +01:00

31 lines
1.1 KiB
Markdown
Raw Blame History

# Security Policy
The Docker image and code quality are regularly checked for vulnerabilities and CVEs by Snyk and CodeQL.
## Supported Versions
The following versions are currently being supported with security updates:
| Version | Supported | Rsync version | Alpine version |
| ------- | ------------------ | ------------------ | ------------------ |
| 8.0.0 | :white_check_mark: | >= 3.4.1-r1 | 3.23.0 |
| 7.1.0 | :white_check_mark: | >= 3.4.1-r0 | 3.22.1 |
| 7.0.2 | :warning: DEPRECATED | >= 3.4.0-r0 | 3.22.1 |
| 7.0.1 | :x: EOL | < 3.4.0 | 3.22.1 |
| 7.0.0 | :x: EOL | < 3.4.0| 3.19.1 |
| 6.x | :x: EOL |< 3.4.0| 3.17.2 |
| 5.x | :x: EOL |< 3.4.0| 3.11 - 3.14.1 - 3.15 - 3.16 - 3.17.2 |
| 4.x | :x: EOL |< 3.4.0| 3.11 |
| 3.0 | :x: EOL |< 3.4.0| N/A |
| 2.0 | :x: EOL |< 3.4.0| Ubuntu |
| 1.0 | :x: EOL |< 3.4.0| Ubuntu |
### Terminology
EOL = End of life (no support/no updates)
DEPRECATED = Close to EOL (support/no updates)
## Reporting a Vulnerability
You can report a vulnerability by creating an issue.
Reference in a new issue View git blame Copy permalink