[gnurl] 393/411: SECURITY-PROCESS: disclose on hackerone
From: gnunet
Subject: [gnurl] 393/411: SECURITY-PROCESS: disclose on hackerone
Date: Wed, 13 Jan 2021 01:23:28 +0100
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit 6703eb2f4cd3cd0cf008e5103e2ec7aa85eabedc
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Thu Dec 3 14:18:51 2020 +0100
SECURITY-PROCESS: disclose on hackerone
Once a vulnerability has been published, the hackerone issue should be
disclosed. For transparency.
Closes #6275
---
docs/SECURITY-PROCESS.md | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index c77ff1778..a5d487adf 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -125,6 +125,14 @@ Publishing Security Advisories
6. On security advisory release day, push the changes on the curl-www
repository's remote master branch.
+Hackerone
+---------
+
+Request the issue to be disclosed. If there are sensitive details present in
+the report and discussion, those should be redacted from the disclosure. The
+default policy is to disclose as much as possible as soon as the vulnerability
+has been published.
+
Bug Bounty
----------
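Review bot: The added "Hackerone" section gives the step no owner: it does not say who requests the disclosure, or who decides what counts as "sensitive details" and carries out the redaction before the report becomes public. Because the text ties disclosure to "as soon as the vulnerability has been published", it would read more clearly as a numbered step 7 following the release-day step 6 above, naming the responsible role, rather than as a separate section with no place in the sequence. Minor style point: the service styles its name "HackerOne", so the heading could match that spelling.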
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.