
chore: update security docs and link to huntr.dev

Marc Cornellà 2 years ago
parent commit: 29b344a710
2 changed files with 8 additions and 5 deletions
  README.md: 1 addition, 0 deletions
  SECURITY.md: 7 additions, 5 deletions

+ 1 - 0
README.md

@@ -16,6 +16,7 @@ To learn more, visit [ohmyz.sh](https://ohmyz.sh), follow [@ohmyzsh](https://twi
 [![Follow @ohmyzsh](https://img.shields.io/twitter/follow/ohmyzsh?label=Follow+@ohmyzsh&style=flat)](https://twitter.com/intent/follow?screen_name=ohmyzsh)
 [![Follow @ohmyzsh](https://img.shields.io/twitter/follow/ohmyzsh?label=Follow+@ohmyzsh&style=flat)](https://twitter.com/intent/follow?screen_name=ohmyzsh)
 [![Discord server](https://img.shields.io/discord/642496866407284746)](https://discord.gg/ohmyzsh)
 [![Discord server](https://img.shields.io/discord/642496866407284746)](https://discord.gg/ohmyzsh)
 [![Gitpod ready](https://img.shields.io/badge/Gitpod-ready-blue?logo=gitpod)](https://gitpod.io/#https://github.com/ohmyzsh/ohmyzsh)
 [![Gitpod ready](https://img.shields.io/badge/Gitpod-ready-blue?logo=gitpod)](https://gitpod.io/#https://github.com/ohmyzsh/ohmyzsh)
+[![huntr.dev](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh)
 
 
 ## Getting Started
 ## Getting Started
 
 
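Review bot: the new badge line makes README.md depend on a third-party host (the image is served from cdn.huntr.dev and the link goes to a huntr.dev disclosure form carrying utm_campaign, utm_medium and utm_source tracking parameters), so the first disclosure pointer a reader sees in the README is now an external bounty platform rather than the project's own channel. Suggest placing a link to SECURITY.md next to the badge so that the security@ohmyz.sh address introduced in this same commit is visible alongside it, and consider dropping the utm_* parameters, which add nothing for the reporter.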

+ 7 - 5
SECURITY.md

@@ -3,7 +3,8 @@
 ## Supported Versions
 ## Supported Versions
 
 
 At the moment Oh My Zsh only considers the very latest commit to be supported.
 At the moment Oh My Zsh only considers the very latest commit to be supported.
-We combine that with our fast response to incidents, so risk is minimized.
+We combine that with our fast response to incidents and the automated updates
+to minimize the time between vulnerability publication and patch release.
 
 
 | Version        | Supported          |
 | Version        | Supported          |
 |:-------------- |:------------------ |
 |:-------------- |:------------------ |
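Review bot: the replacement sentence on the two `+` lines conflates two different intervals: automated updates cannot shorten "the time between vulnerability publication and patch release" (only the maintainers' response time does that); what they shorten is the time between a patch being committed and users actually running it. Suggest rewording to something like "We combine that with our fast response to incidents and the automated updates to minimize the time between a patch being released and users receiving it."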
@@ -14,9 +15,10 @@ In the near future we will introduce versioning, so expect this section to chang
 
 
 ## Reporting a Vulnerability
 ## Reporting a Vulnerability
 
 
-If you find a vulnerability, email all the maintainers directly at:
+**Do not submit an issue or pull request**: this might reveal the vulnerability.
 
 
-- Robby: robby [at] planetargon.com
-- Marc: hello [at] mcornella.com
+Instead, you should email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh).
 
 
-**Do not open an issue or Pull Request directly**, because it might reveal the vulnerability.
+We will deal with the vulnerability privately and submit a patch as soon as possible.
+
+You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward.
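Review bot: the rewritten "Reporting a Vulnerability" section now offers two intake channels (security@ohmyz.sh and the huntr.dev form) without stating which one is canonical, whether a huntr.dev report also reaches the maintainers, or how long a reporter should wait for an acknowledgement before following up; "as soon as possible" on the `+We will deal with the vulnerability privately...` line gives no disclosure timeline. Suggest adding a sentence naming the primary channel and an acknowledgement window (with the team's real figure), and, since the per-maintainer addresses are being replaced by a single alias, noting that the alias is monitored; an unmonitored shared mailbox is a common failure point in disclosure processes.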