From d97ff54d48c44f14cb5bb6e3a978e4f3991b11a3 Mon Sep 17 00:00:00 2001 From: Koy Date: Thu, 9 Sep 2021 16:11:20 +0800 Subject: [PATCH 1/2] Create SECURITY.md --- SECURITY.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..be9037d09 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +# Security Policy + +If you believe you have found a security vulnerability in docsify, please report it to us asap. + +## Reporting a Vulnerability + +**Please do not report security vulnerabilities through our public GitHub issues.** + +Send email via :email: maintainers@docsifyjs.org to us. + +Please include those information listed below (as much as you can provide) to help us better understand the possible issue: + +- Type of issue (e.g. cross-site scripting) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +Thank you in advance. From 711d451a3481becb619daa1b470334cbfeea6792 Mon Sep 17 00:00:00 2001 From: Joe Pea Date: Thu, 9 Sep 2021 20:43:34 -0700 Subject: [PATCH 2/2] Update SECURITY.md --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index be9037d09..1b9f6f908 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -8,14 +8,14 @@ If you believe you have found a security vulnerability in docsify, please report Send email via :email: maintainers@docsifyjs.org to us. -Please include those information listed below (as much as you can provide) to help us better understand the possible issue: +Please include as much of the following information as possible to help us better understand the possible issue: - Type of issue (e.g. cross-site scripting) - Full paths of source file(s) related to the manifestation of the issue - The location of the affected source code (tag/branch/commit or direct URL) - Any special configuration required to reproduce the issue - Step-by-step instructions to reproduce the issue -- Proof-of-concept or exploit code (if possible) +- Proof-of-concept or exploit code - Impact of the issue, including how an attacker might exploit the issue This information will help us triage your report more quickly.
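Review bot: In PATCH 1/2, the "Reporting a Vulnerability" section asks reporters to send proof-of-concept or exploit code to maintainers@docsifyjs.org by plain email, but gives no confidential way to send it and does not say what happens after a report is sent. Consider publishing an encrypted option next to the address (for example a PGP key and its fingerprint), and adding a short paragraph on when a reporter can expect an acknowledgement and how disclosure will be coordinated. It would also help to state which docsify versions receive security fixes, so reporters know whether an issue in an older release is in scope. Minor wording: "please report it to us asap" and "Send email via :email: maintainers@docsifyjs.org to us." would read better as "please report it to us as soon as possible" and "Email maintainers@docsifyjs.org."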
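Review bot: In PATCH 2/2, the rewritten lead sentence repeats "possible" ("as much of the following information as possible to help us better understand the possible issue"); ending it with "understand the issue" would be cleaner. The context line just above, "Send email via :email: maintainers@docsifyjs.org to us.", is left untouched by this wording pass and still reads awkwardly, so it is worth fixing in the same commit. Dropping "(if possible)" from the proof-of-concept bullet is consistent with the new lead sentence, which already makes every item optional.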