From bb5dd6c34bd1842386d9c4285b7aff857b7c8341 Mon Sep 17 00:00:00 2001 From: Chris Reynolds Date: Tue, 19 Sep 2023 15:55:54 -0600 Subject: [PATCH] [CMSP-480] vdp readme update (#256) * add mvdp info to readmes * update pr # * Pull update from changelog Co-authored-by: Phil Tyler --------- Co-authored-by: Phil Tyler --- README.md | 4 ++++ readme.txt | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 99055232..915fd35d 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,10 @@ To override this use the `pantheon_session_expiration` filter before the WordPre See [CONTRIBUTING.md](https://github.com/pantheon-systems/wp-native-php-sessions/blob/main/CONTRIBUTING.md) for information on contributing. +## Security Policy +### Reporting Security Bugs +Please report security bugs found in the Native PHP Sessions plugin's source code through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/wp-native-php-sessions). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin. + ## Frequently Asked Questions ## ### Why not use another session plugin? ### diff --git a/readme.txt b/readme.txt index 09574bb8..18e59a88 100644 --- a/readme.txt +++ b/readme.txt 
@@ -57,6 +57,10 @@ PHP's fallback default functionality is to allow sessions to be stored in a temp However, if you intend to scale your application, local tempfiles are a dangerous choice. They are not shared between different instances of the application, producing erratic behavior that can be impossible to debug. By storing them in the database the state of the sessions is shared across all application instances. += Where do I report security bugs found in this plugin? = + +Please report security bugs found in the source code of the WP Native PHP Sessions plugin through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/wp-native-php-sessions). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin. + == Troubleshooting == If you see an error like "Fatal error: session_start(): Failed to initialize storage module:" or "Warning: ini_set(): A session is active.", then you likely have a plugin that is starting a session before WP Native PHP Sessions is loading.
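Review bot: In the README.md hunk, the new headings `## Security Policy` and `### Reporting Security Bugs` drop the closing hashes that the neighbouring headings in the same file use (`## Frequently Asked Questions ##`, `### Why not use another session plugin? ###`), and no blank line separates the two headings from the paragraph below them. Suggest matching the file's closed-heading style and adding the blank lines. The paragraph also names the plugin "Native PHP Sessions" while the readme.txt hunk says "WP Native PHP Sessions"; use one name so both files read the same.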
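Review bot: In the readme.txt hunk, the added FAQ answer names the Patchstack program as the reporting channel but does not say whether reporters should avoid opening a public GitHub issue for a security bug; one sentence stating that would make the policy unambiguous. The closing sentence is also not parallel ("will assist you with verification, CVE assignment, and notify the developers"); wording such as "will assist you with verification and CVE assignment, and will notify the developers of this plugin" reads cleanly, and the same fix applies to the copy in README.md.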