From 5ee5f82e3d54ac0dc49ff6bd93382e768976dbdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20Klabbers?= Date: Thu, 10 Jun 2021 16:26:40 +0200 Subject: [PATCH] huntr.dev as first point for security vuln (#2918) * huntr.dev as first point for security vuln * add badge for huntr.dev --- .github/SECURITY.md | 10 ++++------ README.md | 1 + 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index f1c4e73aa9..d0022ab872 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -2,12 +2,10 @@ ## Supported Versions -We will only patch security vulnerabilities in the stable 1.x release. +**We only patch security vulnerabilities in the latest major release (1.x).** -## Reporting a Vulnerability +We use [huntr.dev](https://huntr.dev/) for security issues that affect our project. If you believe you have found a vulnerability, please disclose it via [this form](https://huntr.dev/bounties/disclose/?target=https://github.com/flarum/core). -If you discover a security vulnerability within Flarum, please send an email to security@flarum.org so we can address it promptly. +This will enable us to **review** the vulnerability, **fix** it promptly, and **reward** you for your efforts. -We will get back to you as time allows. -Discussions may commence internally, so you may not hear back immediately. -When reporting a vulnerability, please provide your GitHub username (if available), so that we can invite you to collaborate on a [security advisory on GitHub](https://help.github.com/en/articles/about-maintainer-security-advisories). +If you have any questions about the process, feel free to reach out to security@huntr.dev or security@flarum.org. diff --git a/README.md b/README.md index b719fc7376..219510cac8 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ Total Downloads Latest Version License +huntr StyleCI
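Review bot: in the `.github/SECURITY.md` hunk the `## Reporting a Vulnerability` heading is removed and nothing replaces it, so the huntr.dev instructions now sit under `## Supported Versions`; keep the heading above the "We use huntr.dev" paragraph so the reporting path can still be found by section. The added text routes reports through the third-party form only and mentions security@flarum.org just for "questions about the process"; state explicitly whether that address still accepts a private report from someone who cannot or will not use huntr.dev. The removed lines asked for a GitHub username so the reporter could be invited to a GitHub security advisory and set expectations about response time, and the added lines replace neither, so say how the fix will be coordinated with the reporter and when they can expect to hear back.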
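Review bot: the badge line added after License in the `README.md` hunk should link to the same disclosure form that `.github/SECURITY.md` gives (`https://huntr.dev/bounties/disclose/?target=https://github.com/flarum/core`), so that a reporter who clicks the badge arrives at this project's form. Linking the badge to `.github/SECURITY.md` itself would also work and keeps a single place to update if the reporting channel changes again.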