From 45680075f075091095ebee03a906a7a47a4a1e0f Mon Sep 17 00:00:00 2001 From: Piotr Galar Date: Fri, 25 Nov 2022 12:17:17 +0100 Subject: [PATCH 1/4] docs: update security policy with private vulnerability reports info --- SECURITY.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 4db2a630818..0e5a3f2e55f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,4 +6,6 @@ By default we provide security patches for the latest released version only. On ## Reporting a Vulnerability -Please reach out to security@libp2p.io. Please do not file a public issue on GitHub. +Please do not file a public issue on GitHub. Instead, please [file a private security vulnerability report](https://github.com/libp2p/rust-libp2p/security/advisories/new). + +If you need further assistance, please reach out to [security@libp2p.io](mailto:security@libp2p.io). From a9862edb77b37509bdfbe4522f86a81d3822db17 Mon Sep 17 00:00:00 2001 From: Piotr Galar Date: Fri, 25 Nov 2022 21:15:19 +0100 Subject: [PATCH 2/4] docs: update information on security reporting in README --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7136f1d50ce..62e34f37120 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,10 @@ This repository is the central place for Rust development of the [libp2p](https: - The **[examples](examples)** folder contains small binaries showcasing the many protocols in this repository. -- For **security related issues** please reach out to security@libp2p.io. Please - do not file a public issue on GitHub. +- For **security related issues** please [file a private security vulnerability + report](https://github.com/libp2p/rust-libp2p/security/advisories/new) + or reach out to [security@libp2p.io](mailto:security@libp2p.io). Please do not + file a public issue on GitHub. - To **report bugs, suggest improvements or request new features** please open a GitHub issue on this repository. 
From d9efd558a161d1289062a84f336574f72ed8dfe3 Mon Sep 17 00:00:00 2001 From: Piotr Galar Date: Mon, 28 Nov 2022 17:25:47 +0100 Subject: [PATCH 3/4] Update bug_report.md --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index d13ee922496..b225bdd9a1c 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -5,7 +5,7 @@ about: Create a bug report for rust-libp2p. - + ## Summary From 569234070ec5dd3187bd627dc826209a21b32427 Mon Sep 17 00:00:00 2001 From: Piotr Galar Date: Fri, 9 Dec 2022 13:28:56 +0100 Subject: [PATCH 4/4] chore: add issue template that redirects to private vulnerability reporting --- .github/ISSUE_TEMPLATE/config.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index a97175d0a26..5fdf7ed9da4 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,8 +1,11 @@ blank_issues_enabled: true contact_links: + - name: Report a vulnerability + url: https://github.com/libp2p/rust-libp2p/security/advisories/new + about: For security related issues please file a private security vulnerability report. - name: Question url: https://github.com/libp2p/rust-libp2p/discussions/new?category=q-a about: Please ask questions in the rust-libp2p GitHub Discussions forum. - name: Libp2p Discourse Forum url: https://discuss.libp2p.io - about: Discussions and questions related to multiple libp2p implementations. \ No newline at end of file + about: Discussions and questions related to multiple libp2p implementations.
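Review bot: In the SECURITY.md hunk of patch 1/4, the added sentence "If you need further assistance, please reach out to security@libp2p.io" presents e-mail only as a follow-up channel, while the README.md hunk of patch 2/4 offers it as an alternative to the advisory form ("or reach out to"). A reporter who cannot use the GitHub advisory form gets different guidance depending on which file they read. Suggest settling on one wording and using it in both files, for example saying in SECURITY.md that e-mail is also accepted for an initial report, if that is the intent.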
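Review bot: In the README.md hunk of patch 2/4, the advisory URL https://github.com/libp2p/rust-libp2p/security/advisories/new is written out again, so after this series it is hard-coded in SECURITY.md, README.md and .github/ISSUE_TEMPLATE/config.yml. Consider having the README bullet link to SECURITY.md and keeping the reporting instructions in that one place so the copies cannot drift apart. Also, "Please do not file a public issue on GitHub" now comes last in the bullet, whereas the SECURITY.md hunk leads with it; leading with it here too would make it harder to miss.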
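Review bot: The subject of patch 3/4, "Update bug_report.md", does not say what changed and drops the "docs:" / "chore:" prefix used by the other three commits in this series. The hunk replaces a single line directly above "## Summary" in the bug report template; a subject that states what the replaced line now says would make the history readable without opening the diff.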
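Review bot: In the config.yml hunk of patch 4/4, the unchanged first line still reads "blank_issues_enabled: true", so the new "Report a vulnerability" entry is only a pointer in the issue chooser and a reporter can still open a blank public issue containing vulnerability details. If that is intended, a short note in the commit message would help; otherwise consider setting it to false and checking that the remaining public templates carry the same pointer. Minor: the subject calls this an "issue template", but the hunk adds a contact_links entry, not a template.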