Update security policy for 1.x and 2.x #14081

mtreinish · 2025-03-24T16:15:19Z

Summary

With the 1.x release we're extending security support for Qiskit to 1 yr. We still only support 1.x for general bugfixes for 6 months after the 2.0.0 release. But for 1.x if any security vulnerabilities are identified we will provide fixes for that up to 1 yr after the release of 2.0.0. This was reflected in the 1.4.0 release notes and is on the version strategy docs:

https://docs.quantum.ibm.com/open-source/qiskit-sdk-version-strategy

but we forgot to update the security policy document in the Qiskit repo. This commit fixes this oversight.

Details and comments

With the 1.x release we're extending security support for Qiskit to 1 yr. We still only support 1.x for general bugfixes for 6 months after the 2.0.0 release. But for 1.x if any security vulnerabilities are identified we will provide fixes for that up to 1 yr after the release of 2.0.0. This was reflected in the 1.4.0 release notes and is on the version strategy docs: https://docs.quantum.ibm.com/open-source/qiskit-sdk-version-strategy but we forgot to update the security policy document in the Qiskit repo. This commit fixes this oversight.

qiskit-bot · 2025-03-24T16:15:23Z

One or more of the following people are relevant to this code:

@Qiskit/terra-core

ElePT

LGTM, I just have a couple of minor suggestions

SECURITY.md

Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com>

coveralls · 2025-03-24T18:24:18Z

Pull Request Test Coverage Report for Build 14041444933

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

For more information on this, see Tracking coverage changes with pull request builds.
To avoid this issue with future PRs, see these Recommended CI Configurations.
For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

0 of 0 changed or added relevant lines in 0 files are covered.
18 unchanged lines in 3 files lost coverage.
Overall coverage decreased (-0.02%) to 88.056%

Files with Coverage Reduction	New Missed Lines	%
crates/accelerate/src/unitary_synthesis.rs	1	94.79%
crates/qasm2/src/lex.rs	5	92.48%
crates/qasm2/src/parse.rs	12	97.15%

Totals
Change from base Build 14034596400:	-0.02%
Covered Lines:	72613
Relevant Lines:	82462

💛 - Coveralls

* Update security policy for 1.x and 2.x With the 1.x release we're extending security support for Qiskit to 1 yr. We still only support 1.x for general bugfixes for 6 months after the 2.0.0 release. But for 1.x if any security vulnerabilities are identified we will provide fixes for that up to 1 yr after the release of 2.0.0. This was reflected in the 1.4.0 release notes and is on the version strategy docs: https://docs.quantum.ibm.com/open-source/qiskit-sdk-version-strategy but we forgot to update the security policy document in the Qiskit repo. This commit fixes this oversight. * Update SECURITY.md Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com> --------- Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com> (cherry picked from commit cd05386)

* Update security policy for 1.x and 2.x With the 1.x release we're extending security support for Qiskit to 1 yr. We still only support 1.x for general bugfixes for 6 months after the 2.0.0 release. But for 1.x if any security vulnerabilities are identified we will provide fixes for that up to 1 yr after the release of 2.0.0. This was reflected in the 1.4.0 release notes and is on the version strategy docs: https://docs.quantum.ibm.com/open-source/qiskit-sdk-version-strategy but we forgot to update the security policy document in the Qiskit repo. This commit fixes this oversight. * Update SECURITY.md Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com> --------- Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com> (cherry picked from commit cd05386) Co-authored-by: Matthew Treinish <mtreinish@kortar.org>

mtreinish added documentation Something is not clear or an error documentation Changelog: None Do not include in changelog labels Mar 24, 2025

mtreinish requested a review from a team as a code owner March 24, 2025 16:15

ElePT reviewed Mar 24, 2025

View reviewed changes

SECURITY.md Outdated Show resolved Hide resolved

Update SECURITY.md

8fe13bd

Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com>

ElePT approved these changes Mar 25, 2025

View reviewed changes

ElePT added the stable backport potential The bug might be minimal and/or import enough to be port to stable label Mar 25, 2025

ElePT added this pull request to the merge queue Mar 25, 2025

Merged via the queue into Qiskit:main with commit cd05386 Mar 25, 2025
21 checks passed

mergify bot mentioned this pull request Mar 25, 2025

Update security policy for 1.x and 2.x (backport #14081) #14090

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update security policy for 1.x and 2.x #14081

Update security policy for 1.x and 2.x #14081

Uh oh!

mtreinish commented Mar 24, 2025

Uh oh!

qiskit-bot commented Mar 24, 2025

Uh oh!

ElePT left a comment

Uh oh!

Uh oh!

coveralls commented Mar 24, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Update security policy for 1.x and 2.x #14081

Update security policy for 1.x and 2.x #14081

Uh oh!

Conversation

mtreinish commented Mar 24, 2025

Summary

Details and comments

Uh oh!

qiskit-bot commented Mar 24, 2025

Uh oh!

ElePT left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coveralls commented Mar 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Pull Request Test Coverage Report for Build 14041444933

Warning: This coverage report may be inaccurate.

Details

💛 - Coveralls

Uh oh!

Uh oh!

Uh oh!

coveralls commented Mar 24, 2025 •

edited

Loading