This is an automated email from the ASF dual-hosted git repository.

meonkeys pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git


The following commit(s) were added to refs/heads/develop by this push:
     new 51d8e71455 tighten scope for security reporters
     new 54ac8de1f7 Merge pull request #5854 from meonkeys/FINERACT-2608-3psec-doc
51d8e71455 is described below

commit 51d8e71455e56ef135edd4736873920d273f6332
Author: Adam Monsen <[email protected]>
AuthorDate: Fri May 15 12:19:50 2026 -0700

    tighten scope for security reporters
    
    ...in general, with specific mention of Mifos since it is often confused
    with Fineract.
    
    see https://issues.apache.org/jira/browse/FINERACT-2608
---
 fineract-doc/src/docs/en/chapters/security/index.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fineract-doc/src/docs/en/chapters/security/index.adoc 
b/fineract-doc/src/docs/en/chapters/security/index.adoc
index b8399890b0..4eb134eb7d 100644
--- a/fineract-doc/src/docs/en/chapters/security/index.adoc
+++ b/fineract-doc/src/docs/en/chapters/security/index.adoc
@@ -2,7 +2,7 @@
 
 Fineract is *secure by design*. It is designed and built from the ground up to 
accept, manage, and present data securely. This chapter will detail its various 
security-related features and settings, along with best practices for secure 
deployment.
 
-If you believe you have found a security vulnerability in Fineract itself, 
https://fineract.apache.org/#contribute[let us know privately].
+If you believe you have found a security vulnerability in Fineract itself, 
https://fineract.apache.org/#contribute[let us know privately]. Report security 
issues in third party code (for example, the 
https://github.com/openMF/web-app[Mifos X Web UI]) to the appropriate third 
party, not Fineract.
 
 Your task as bank CTO, sysadmin, vendor, or other entity responsible for 
hosting Fineract securely is to thoroughly consider these sections and 
thoughtfully apply them in your work. While a Fineract release _is_ secure by 
design, it is _not_ sufficient for a sysadmin to simply start it up and hope 
for the best. Careful steps must be taken to ensure a deployment is and remains 
secure despite software environment changes, attacks, staff transitions, and 
anything else that may arise.
 
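Review bot: The added sentence on the `+` line tells reporters to take third-party issues "to the appropriate third party" but drops the "privately" qualifier that the preceding Fineract sentence carries, and the Mifos X Web UI example links to the repository root (https://github.com/openMF/web-app), where the obvious next step for a reader is a public issue. Consider wording it as "report security issues in third-party code ... privately to the appropriate third party, not Fineract" so the private-disclosure expectation clearly applies to both cases. As a style point, "third party code" is a compound modifier and reads better hyphenated as "third-party code". The commit message says Mifos is named because it is often confused with Fineract; a few words to that effect in the doc itself would explain to readers why this one example is singled out.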
