Commit 3b8cebf

docs(security): use GitHub security advisories
1 parent f0fd9e1 commit 3b8cebf

1 file changed

+25
-16
lines changed

SECURITY.md

+25 -16
@@ -4,18 +4,19 @@ We take security seriously. Responsible reporting and disclosure of security
44
vulnerabilities is important for the protection and privacy of our users. If you
55
discover any security vulnerabilities, please follow these guidelines.
66

7-
To report a vulnerability, we recommend submitting a report to Snyk using their
8-
[vulnerability disclosure form](https://snyk.io/vulnerability-disclosure/).
9-
Snyk's security team will validate the vulnerability and coordinate with you and
10-
us to fix it, release a patch, and responsibly disclose the vulnerability. Read
11-
Snyk's
12-
[Vulnerability Disclosure Policy](https://docs.snyk.io/more-info/disclosing-vulnerabilities/disclose-a-vulnerability-in-an-open-source-package)
13-
for details.
14-
15-
We also request that you send an email to
16-
[[email protected]](mailto:[email protected]) detailing the vulnerability.
17-
This ensures that we can begin work on a fix as soon as possible without waiting
18-
for Snyk to contact us.
7+
Published security advisories are available on our [GitHub Security Advisories]
8+
page.
9+
10+
To report a vulnerability, please draft a [new security advisory on GitHub]. Any
11+
fields that you are unsure of or don't understand can be left at their default
12+
values. The important part is that the vulnerability is reported. Once the
13+
security advisory draft has been created, we will validate the vulnerability and
14+
coordinate with you to fix it, release a patch, and responsibly disclose the
15+
vulnerability to the public. Read GitHub's documentation on [privately reporting
16+
a security vulnerability] for details.
17+
18+
If you are unable to draft a security advisory, or if you need help or have
19+
security related questions, please send an email to [[email protected]].
1920

2021
Please do not report undisclosed vulnerabilities on public sites or forums,
2122
including GitHub issues and pull requests. Reporting vulnerabilities to the
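Review bot: the email link on new line 19, `[[email protected]]`, is written as a reference-style link, but none of the reference definitions added at the end of the file covers it, so it will render as literal bracketed text instead of a mailto link; either restore the explicit `[[email protected]](mailto:[email protected])` form from removed line 16 or add a matching `[...]: mailto:...` definition. Since the GitHub advisory draft is now the primary reporting channel (new lines 10-16), also confirm that private vulnerability reporting is enabled in the repository settings, because the "new security advisory" page only accepts drafts from non-maintainers when that setting is on; without it, the email fallback on line 19 becomes the only working route.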
@@ -27,10 +28,18 @@ public, at which time you will be free to publish details of the vulnerability
2728
on public sites and forums.
2829

2930
If you have a fix for a security vulnerability, please do not submit a GitHub
30-
pull request. Instead, report the vulnerability as described in this policy and
31-
include a potential fix in the report. Once the vulnerability has been verified
32-
and a disclosure timeline has been decided, we will contact you to see if you
33-
would like to submit a pull request.
31+
pull request. Instead, report the vulnerability as described in this policy.
32+
Once we have verified the vulnerability, we can create a [temporary private
33+
fork] to collaborate on a patch.
3434

3535
We appreciate your cooperation in helping keep our users safe by following this
3636
policy.
37+
38+
[github security advisories]: https://github.com/json5/json5/security/advisories
39+
[new security advisory on github]:
40+
https://github.com/json5/json5/security/advisories/new
41+
[privately reporting a security vulnerability]:
42+
https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
43+
44+
[temporary private fork]:
45+
https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability
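Review bot: the removed lines 31-33 told a reporter with a fix that a disclosure timeline would be agreed before they were invited to contribute it; the replacement lines 32-33 only say a temporary private fork "can" be created once the vulnerability is verified, so the policy no longer states when that invitation happens or that the timeline is still settled before anything goes public. Suggest keeping one sentence along the lines of "Once the vulnerability has been verified and a disclosure timeline agreed, we will invite you to a temporary private fork to collaborate on a patch." As a style nit, the blank line 43 separates `[temporary private fork]` from the other three reference definitions for no apparent reason; group them together.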
