Update security policy for 1.x and 2.x (backport #14081) #14090
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Update security policy for 1.x and 2.x With the 1.x release we're extending security support for Qiskit to 1 yr. We still only support 1.x for general bugfixes for 6 months after the 2.0.0 release. But for 1.x if any security vulnerabilities are identified we will provide fixes for that up to 1 yr after the release of 2.0.0. This was reflected in the 1.4.0 release notes and is on the version strategy docs: https://docs.quantum.ibm.com/open-source/qiskit-sdk-version-strategy but we forgot to update the security policy document in the Qiskit repo. This commit fixes this oversight. * Update SECURITY.md Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com> --------- Co-authored-by: Elena Peña Tapia <57907331+ElePT@users.noreply.github.com> (cherry picked from commit cd05386)
|
Thank you for opening a new pull request. Before your PR can be merged it will first need to pass continuous integration tests and be reviewed. Sometimes the review process can be slow, so please be patient. While you're waiting, please feel free to review other open PRs. While only a subset of people are authorized to approve pull requests for merging, everyone is encouraged to review open pull requests. Doing reviews helps reduce the burden on the core team and helps make the project's code better for everyone. One or more of the following people are relevant to this code:
|
Pull Request Test Coverage Report for Build 14056151245Details
💛 - Coveralls |
ElePT
approved these changes
Mar 25, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
With the 1.x release we're extending security support for Qiskit to 1 yr. We still only support 1.x for general bugfixes for 6 months after the 2.0.0 release. But for 1.x if any security vulnerabilities are identified we will provide fixes for that up to 1 yr after the release of 2.0.0. This was reflected in the 1.4.0 release notes and is on the version strategy docs:
https://docs.quantum.ibm.com/open-source/qiskit-sdk-version-strategy
but we forgot to update the security policy document in the Qiskit repo. This commit fixes this oversight.
Details and comments
This is an automatic backport of pull request #14081 done by [Mergify](https://mergify.com).