Security Policy
Supported Versions
| Version | Supported |
|---|---|
| Latest stable | ✅ Full support |
| Previous major | ⚠️ Critical fixes only |
| Older | ❌ No support |
Reporting a Vulnerability
Do not report security vulnerabilities via public issues.
Instead, please report them privately:
- Email: security@mokoconsulting.tech
- Subject: [SECURITY] <Repository Name> - <Brief Description>
What to Include
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if any)
Severity Classification
| Severity | Description | Response Time |
|---|---|---|
| Critical | Remote code execution, SQL injection, auth bypass | 24 hours |
| High | XSS, CSRF, privilege escalation | 48 hours |
| Medium | Information disclosure, path traversal | 72 hours |
| Low | Best practice violation, hardening suggestion | Next release |
Remediation Timeline
- Acknowledgement: Within 24 hours of report
- Assessment: Within 72 hours
- Fix development: Based on severity
- Release: Patch release with security advisory
- Disclosure: Coordinated disclosure after fix is available
Security Best Practices
For Contributors
- Never commit secrets, credentials, or API keys
- Use parameterised queries (no raw SQL concatenation)
- Validate and sanitise all user input
- Follow Joomla API for access control checks
- Use Joomla's HTMLHelper for output escaping
- Include SPDX license headers in all source files
For Users
- Keep Joomla and all extensions updated
- Use strong, unique passwords
- Enable two-factor authentication
- Review file permissions regularly
- Monitor Joomla error logs
Security Updates
Security patches are delivered through the standard update channel. Critical fixes may receive an emergency out-of-band release.
Responsible Disclosure
We follow coordinated disclosure practices:
- We will work with reporters to understand and reproduce the issue
- We will develop and test a fix
- We will credit reporters (with permission) in security advisories
- We ask that reporters allow reasonable time for a fix before public disclosure
Contact
- Security team: security@mokoconsulting.tech
- General: hello@mokoconsulting.tech
Thank you for helping keep Moko Consulting projects secure.