Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: Create SECURITY.md #5252

Merged
merged 2 commits into from
Jan 21, 2024
Merged

Conversation

SilverStars03
Copy link
Contributor

@SilverStars03 SilverStars03 commented Aug 18, 2023

Checklist
  • npm test passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)
Description of change

SECURITY.md Outdated
Comment on lines 3 to 13
## Supported Versions

Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported |
| ------- | ------------------ |
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this doesn't belong to "Security" problem but something like "Maintance Timetable"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of this information came off of a family members router page it was injected into the page and fonts with a bad certificate ..the whole page.
How can I get the vulnerabilities off of there?..

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of this information came off of a family members router page it was injected into the page and fonts with a bad certificate ..the whole page. How can I get the vulnerabilities off of there?..

You can directly leave your info by sending a message directly to [email protected], he is the leader of the project, if u confirm this has something to do with the vulnerabilities, plz attach the img if possible.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this doesn't belong to "Security" problem but something like "Maintance Timetable"?

Is there anything I can do to get this off my router login page and get it to stop touting through all my apps?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of this information came off of a family members router page it was injected into the page and fonts with a bad certificate ..the whole page. How can I get the vulnerabilities off of there?..

You can directly leave your info by sending a message directly to [email protected], he is the leader of the project, if u confirm this has something to do with the vulnerabilities, plz attach the img if possible.

I have had it in there a long time I was trying to upload files so people would know what was put on there because of course every technician at Hughes net will say it's not their fault or they don't see a problem.. it looks like someone maybe be just spying/ routing my data

SECURITY.md Outdated
Comment on lines 15 to 21
## Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
Copy link
Contributor

@SEWeiTung SEWeiTung Aug 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks nice to me, but it could be possible:

  1. Please change the rough skeleton into a real, detailled security info article (Maybe this should wait for the response from the other members of Eggjs).

  2. @eggjs/core :Any info or feedback email address of security info feedback? Where could we feedback if anything unsafe?

@fengmk2
Copy link
Member

fengmk2 commented Aug 21, 2023

来晚了,挺好的,目前我们没有公共的邮箱,安全漏洞反馈联系人可以直接写我的邮箱 [email protected] ,如果运行一段时间有非常多的反馈,我再看看能否接入一个三方的安全上报平台来解决此类问题。

@SEWeiTung
Copy link
Contributor

@SilverStars03:很可惜你的回复被关闭,我想再次帮助你打开,可否在得空的时候继续提供帮助呢?fengmk2已经提供了一个专门反馈安全的电邮。

@SEWeiTung SEWeiTung reopened this Aug 25, 2023
@codecov
Copy link

codecov bot commented Aug 25, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (3c82b4b) 99.86% compared to head (f65c0e3) 99.86%.
Report is 12 commits behind head on master.

❗ Current head f65c0e3 differs from pull request most recent head 7713c0f. Consider uploading reports for the commit 7713c0f to get more accurate results

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #5252   +/-   ##
=======================================
  Coverage   99.86%   99.86%           
=======================================
  Files          36       36           
  Lines        3601     3601           
  Branches      516      516           
=======================================
  Hits         3596     3596           
  Misses          5        5           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@fengmk2 fengmk2 changed the title Create SECURITY.md docs: Create SECURITY.md Jan 21, 2024
@fengmk2 fengmk2 merged commit 4471807 into eggjs:master Jan 21, 2024
15 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants