forked from extern/ohmyzsh
chore: update security docs and link to huntr.dev
This commit is contained in:
parent
841f3cb0bb
commit
29b344a710
@ -16,6 +16,7 @@ To learn more, visit [ohmyz.sh](https://ohmyz.sh), follow [@ohmyzsh](https://twi
|
|||||||
[![Follow @ohmyzsh](https://img.shields.io/twitter/follow/ohmyzsh?label=Follow+@ohmyzsh&style=flat)](https://twitter.com/intent/follow?screen_name=ohmyzsh)
|
[![Follow @ohmyzsh](https://img.shields.io/twitter/follow/ohmyzsh?label=Follow+@ohmyzsh&style=flat)](https://twitter.com/intent/follow?screen_name=ohmyzsh)
|
||||||
[![Discord server](https://img.shields.io/discord/642496866407284746)](https://discord.gg/ohmyzsh)
|
[![Discord server](https://img.shields.io/discord/642496866407284746)](https://discord.gg/ohmyzsh)
|
||||||
[![Gitpod ready](https://img.shields.io/badge/Gitpod-ready-blue?logo=gitpod)](https://gitpod.io/#https://github.com/ohmyzsh/ohmyzsh)
|
[![Gitpod ready](https://img.shields.io/badge/Gitpod-ready-blue?logo=gitpod)](https://gitpod.io/#https://github.com/ohmyzsh/ohmyzsh)
|
||||||
|
[![huntr.dev](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh)
|
||||||
|
|
||||||
## Getting Started
|
## Getting Started
|
||||||
|
|
||||||
|
12
SECURITY.md
12
SECURITY.md
@ -3,7 +3,8 @@
|
|||||||
## Supported Versions
|
## Supported Versions
|
||||||
|
|
||||||
At the moment Oh My Zsh only considers the very latest commit to be supported.
|
At the moment Oh My Zsh only considers the very latest commit to be supported.
|
||||||
We combine that with our fast response to incidents, so risk is minimized.
|
We combine that with our fast response to incidents and the automated updates
|
||||||
|
to minimize the time between vulnerability publication and patch release.
|
||||||
|
|
||||||
| Version | Supported |
|
| Version | Supported |
|
||||||
|:-------------- |:------------------ |
|
|:-------------- |:------------------ |
|
||||||
@ -14,9 +15,10 @@ In the near future we will introduce versioning, so expect this section to chang
|
|||||||
|
|
||||||
## Reporting a Vulnerability
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
If you find a vulnerability, email all the maintainers directly at:
|
**Do not submit an issue or pull request**: this might reveal the vulnerability.
|
||||||
|
|
||||||
- Robby: robby [at] planetargon.com
|
Instead, you should email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh).
|
||||||
- Marc: hello [at] mcornella.com
|
|
||||||
|
|
||||||
**Do not open an issue or Pull Request directly**, because it might reveal the vulnerability.
|
We will deal with the vulnerability privately and submit a patch as soon as possible.
|
||||||
|
|
||||||
|
You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward.
|
||||||
|
Loading…
Reference in New Issue
Block a user