@@ -196,6 +196,27 @@ out a better way, forward the email you receive to
196196 [ Security release stewards] ( https://github.com/nodejs/node/blob/HEAD/doc/contributing/security-release-process.md#security-release-stewards ) .
197197 If necessary add the next rotation of the steward rotation.
198198
199+ ## When things go wrong
200+
201+ ### Incomplete fixes
202+
203+ When a CVE is reported as fixed in a security release and it turns out that the
204+ fix was incomplete, a new CVE should be used to cover subsequent fix. This
205+ is best practice and avoids confusion that might occur if people believe
206+ they have patched the original CVE by updating their Node.js version and
207+ then we later change the ` fixed in ` value for the CVE.
208+
209+ ### Updating CVEs
210+
211+ The steps to correct CVE information are:
212+
213+ * Go to the “CVE IDs” section in your program
214+ sections (< https://hackerone.com/nodejs/cve_requests > )
215+ * Click the “Request a CVE ID” button
216+ * Enter the CVE ID that needs to be updated
217+ * Include all the details that need updating within the form
218+ * Submit the request
219+
199220[ H1 CVE requests ] : https://hackerone.com/nodejs/cve_requests
200221[ docker-node ] : https://github.com/nodejs/docker-node/issues
201222[ email ] : https://groups.google.com/forum/#!forum/nodejs-sec
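Review bot: The first step under "Updating CVEs" spells out the HackerOne URL inline even though the file already defines the `[H1 CVE requests]` reference link just below this hunk, and the phrase "in your program sections" reads like text copied from generic HackerOne instructions. Consider rewording it to something like `* Go to the "CVE IDs" section of the Node.js program ([H1 CVE requests][])` so the URL lives in one place. Two smaller points: in "Incomplete fixes", "to cover subsequent fix" is missing an article ("the subsequent fix"), and the added list uses typographic quotes (“ ”) around the UI labels, which is worth checking against the quoting style used in the rest of the document. It would also help to say in "Incomplete fixes" who requests the new CVE, since the steps that follow only cover updating an existing one.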