# Vulnerability Management Policy

This document formally describes the process of addressing and managing a
reported vulnerability that has been found in the MinIO server code base,
any directly connected ecosystem component or a direct / indirect dependency
of the code base.

## Scope

The vulnerability management policy described in this document covers the
process of investigating, assessing and resolving a vulnerability report

./mc ready myminio

./mc admin user add myminio/ minio123 minio123
./mc admin user add myminio/ minio12345 minio12345

./mc admin policy create myminio/ rw ./docs/distributed/rw.json
./mc admin policy create myminio/ lake ./docs/distributed/rw.json

./mc admin policy attach myminio/ rw --user=minio123
./mc admin policy attach myminio/ lake --user=minio12345

./mc mb -l myminio/versioned

./mc mirror internal myminio/versioned/ --quiet >/dev/null

    @Override
    public boolean isUpdateRequired(Artifact artifact, ArtifactRepository repository) {
        File file = artifact.getFile();

        ArtifactRepositoryPolicy policy = artifact.isSnapshot() ? repository.getSnapshots() : repository.getReleases();

        if (!policy.isEnabled()) {
            if (getLogger().isDebugEnabled()) {
                getLogger()

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

	exit_1
fi

./mc admin policy remove minio3 projecta

sleep 10
./mc admin policy info minio1 projecta
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy info minio2 projecta
if [ $? -eq 0 ]; then
	echo "expecting the command to fail, exiting.."
	exit_1
fi

./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5

	var ldapOpts []cr.LDAPIdentityOpt
	if sessionPolicyFile != "" {
		var policy string
		if f, err := os.Open(sessionPolicyFile); err != nil {
			log.Fatalf("Unable to open session policy file %s: %v", sessionPolicyFile, err)
		} else {
			bs, err := io.ReadAll(f)
			if err != nil {
				log.Fatalf("Error reading session policy file: %v", err)
			}
			policy = string(bs)
		}
		ldapOpts = append(ldapOpts, cr.LDAPIdentityPolicyOpt(policy))

# Security Policy

## Supported Versions

We support the past two Go releases (for example, Go 1.17.x and Go 1.18.x when Go 1.18.x is the latest stable release).

See https://go.dev/wiki/Go-Release-Cycle and in particular the
[Release Maintenance](https://go.dev/wiki/Go-Release-Cycle#release-maintenance)
part of that page.

## Reporting a Vulnerability