# Vulnerability Management Policy

This document formally describes the process of addressing and managing a
reported vulnerability that has been found in the MinIO server code base,
any directly connected ecosystem component or a direct / indirect dependency
of the code base.

## Scope

The vulnerability management policy described in this document covers the
process of investigating, assessing and resolving a vulnerability report

	// Also, future updates to AWS might require larger sizes.
	Credentials auth.Credentials `xml:",omitempty"`

	// A percentage value that indicates the size of the policy in packed form.
	// The service rejects any policy with a packed size greater than 100 percent,
	// which means the policy exceeded the allowed space.
	PackedPolicySize int `xml:",omitempty"`
}

	"io"
	"net/http"
	"strconv"

	jsoniter "github.com/json-iterator/go"
	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio/internal/config/storageclass"
	"github.com/minio/mux"
	"github.com/minio/pkg/v3/policy"
)

var (
	// error returned when remote tier already exists
	errTierAlreadyExists = AdminError{
		Code:       "XMinioAdminTierAlreadyExists",
		Message:    "Specified remote tier already exists",

	"github.com/minio/minio/internal/config/identity/openid"
	"github.com/minio/mux"
	"github.com/minio/pkg/v3/ldap"
	"github.com/minio/pkg/v3/policy"
)

func addOrUpdateIDPHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, isUpdate bool) {
	objectAPI, cred := validateAdminReq(ctx, w, r, policy.ConfigUpdateAdminAction)
	if objectAPI == nil {
		return
	}

	if r.ContentLength > maxEConfigJSONSize || r.ContentLength == -1 {

		objRetention.Mode, byPassSet, r, cred, owner)
	if apiErr == ErrAccessDenied {
		return errAuthentication
	}
	return nil
}

// checkPutObjectLockAllowed enforces object retention policy and legal hold policy
// for requests with WORM headers
// See https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-managing.html for the spec.

                ArtifactRepositoryPolicy policy = metadata.getPolicy(repository);

                File file =
                        new File(localRepo.getBasedir(), localRepo.pathOfLocalRepositoryMetadata(metadata, repository));
                boolean update;

                if (!policy.isEnabled()) {
                    update = false;

	"strconv"
	"time"

	"github.com/minio/minio/internal/bucket/lifecycle"
	xhttp "github.com/minio/minio/internal/http"
	"github.com/minio/minio/internal/logger"
	"github.com/minio/mux"
	"github.com/minio/pkg/v3/policy"
)

const (
	// Lifecycle configuration file.
	bucketLifecycleConfig = "lifecycle.xml"
)

// PutBucketLifecycleHandler - This HTTP handler stores given bucket lifecycle configuration as per

    @Override
    public boolean isUpdateRequired(Artifact artifact, ArtifactRepository repository) {
        File file = artifact.getFile();

        ArtifactRepositoryPolicy policy = artifact.isSnapshot() ? repository.getSnapshots() : repository.getReleases();

        if (!policy.isEnabled()) {
            if (getLogger().isDebugEnabled()) {
                getLogger()

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...

/dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy for user if [ ! -z $POLICY -a $POLICY != " " ] ; then echo "Adding policy '$POLICY' for '$USER'" ${MC} admin policy set myminio $POLICY user=$USER else echo "User '$USER' has no policy attached."...