Hostux/github.com_burnett01_rsync-deployments
1
0
Fork 1
mirror of https://github.com/Burnett01/rsync-deployments.git synced 2025-12-07 00:22:20 +01:00
Code Issues Projects Releases Packages Wiki Activity
github.com_burnett01_rsync-.../SECURITY.md
Steven 05a269aeea
v8 - 8.0.0 (#88) 
* feat: latest Alpine 3.23.0
* feat: latest Rsync 3.4.1-r1
* feat: integrate [rsync-docker](https://github.com/JoshPiper/rsync-docker/) 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth)
   - backported:
       - agent-start
       - agent-stop
       - agent-askpass
       - agent-add
       - hosts-add
       - hosts-clear
   - new added: 
       - ssh-init
       - hosts-init
   - improved: 
     - stricter permissions on .ssh/ folder (700) and known_hosts (600)
     - use set -eu in all scipts
* feat: new ``strict_host_keys`` option to enable support for strict host key verification. Default: false (to keep backward compatibility)
* feat: new ``debug`` option to see the commands executed (-x) by this action
* feat: this action is now scanned for vulnerabilities by Snyk
* feat; this action is now scanned by CodeQL for Q/A
* feat: this action now performs CI tasks such as Validation, Linting and Unit Tests
* fix: various shell syntax for robustness
* fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations
* refactor: use $HOME instead of tilde ~ for robustness
* feat: cross-platform support
* chore: Deprecate 7.0.2
* chore: EOL 7.0.0 & 7.0.1
2025-12-06 16:57:20 +01:00

1.1 KiB
Raw Blame History

Security Policy

The Docker image and code quality are regularly checked for vulnerabilities and CVEs by Snyk and CodeQL.

Supported Versions

The following versions are currently being supported with security updates:

Version Supported Rsync version Alpine version
8.0.0 >= 3.4.1-r1 3.23.0
7.1.0 >= 3.4.1-r0 3.22.1
7.0.2 ⚠️ DEPRECATED >= 3.4.0-r0 3.22.1
7.0.1 EOL < 3.4.0 3.22.1
7.0.0 EOL < 3.4.0 3.19.1
6.x EOL < 3.4.0 3.17.2
5.x EOL < 3.4.0 3.11 - 3.14.1 - 3.15 - 3.16 - 3.17.2
4.x EOL < 3.4.0 3.11
3.0 EOL < 3.4.0 N/A
2.0 EOL < 3.4.0 Ubuntu
1.0 EOL < 3.4.0 Ubuntu

Terminology

EOL = End of life (no support/no updates)

DEPRECATED = Close to EOL (support/no updates)

Reporting a Vulnerability

You can report a vulnerability by creating an issue.