From 7af8fdf8986ecfd813ff5fe0b6d3057f68214f30 Mon Sep 17 00:00:00 2001
From: Jean-Christian Denis <contact@jcdenis.fr>
Date: Sat, 14 Dec 2024 11:56:31 +0100
Subject: [PATCH] add security section to readme file

---
 README.md | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 296f6a8..c48cd0c 100644
--- a/README.md
+++ b/README.md
@@ -290,13 +290,23 @@ or use Dotclear buitin update system but themes wiil not be updated.
 * Add mail support.
 
 
-### 5. CONTRIBUTING
+### 5. SECURITY
+
+* Nginx master process runs as root and set uid/gid to user www
+* PHP-FPM master process runs as root and set uid/gid to user www
+* Docker image entrypoint runs as root and set runuser to www at its end
+* Dotclear application files are chown to user www
+
+For security report see [SECURITY file](/SECURITY.md) or open a ticket on github repository.
+
+
+### 6. CONTRIBUTING
 
 This image is an open source project. If you'd like to contribute, please read the [CONTRIBUTING file](/CONTRIBUTING.md).
 You can submit a pull request, or feel free to use any other way you'd prefer.
 
 
-### 6. LICENSE
+### 7. LICENSE
 
 Copyright Jean-Christian Paul Denis
 AGPL-v3 <https://www.gnu.org/licenses/agpl-3.0.html>