
Security policy

This document outlines security procedures and general policies for the CivicTheme project.


Last updated 7 months ago


Supported versions

We follow an N and N-1 supported version model.

We support the current and prior minor release of CivicTheme and their accompanying UI Kit. This means that if the latest release is 1.8.1, we support the following:

  • 1.8.1 (latest release)

  • 1.7.4 (last minor release)

We do not support 1.8.0 or 1.7.3 and below. In addition to the above model, we will also make security release patches available for the 1.4 and 0.9 versions of CivicTheme, due to the difficulty of updating from these versions.


Reporting a vulnerability

The CivicTheme team and community take all security bugs in CivicTheme seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

If you’ve found a vulnerability, we would like to know so we can fix it. Email civictheme@salsa.digital with details of the vulnerability.

Alternatively, information is provided below for disclosing security vulnerabilities in the Drupal theme and UI Kit.

How to report

  • Use the GitHub Security Advisory "Report a Vulnerability" tab to report the ema

  • Emailing us at civictheme@salsa.digital

  • Contacting us on Slack

What to detail in a disclosure

  • a brief description of the vulnerability

  • the CivicTheme version(s) the vulnerability affects

  • repository / website where the vulnerability can be observed

  • non-destructive steps to replicate the bug

The security team may ask for additional information or guidance. Report security bugs in third-party modules to the person or team maintaining the module.


Drupal Theme security disclosures


What happens when a vulnerability is reported

When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  • Confirm the problem and determine the affected versions

  • Audit code to find any potential similar problems

  • Prepare security releases for supported versions

  • Prepare patches for earlier supported versions

Notifications and releases

We will provide notifications of security releases and vulnerabilities through the following channels:

Use the CivicTheme’s Drupal Project issue tracker.

Slack: #civictheme-designsystem

civictheme@salsa.digital
Slack
Report a Security Issue
#civictheme-designsystem
CivicTheme Project on Drupal.org
CivicTheme UI Kit on GitHub