chore: update security docs and link to huntr.dev

This commit is contained in:
Marc Cornellà 2021-12-07 18:04:33 +01:00
parent 841f3cb0bb
commit 29b344a710
No known key found for this signature in database
GPG key ID: 0314585E776A9C1B
2 changed files with 8 additions and 5 deletions

View file

@ -16,6 +16,7 @@ To learn more, visit [ohmyz.sh](https://ohmyz.sh), follow [@ohmyzsh](https://twi
[![Follow @ohmyzsh](https://img.shields.io/twitter/follow/ohmyzsh?label=Follow+@ohmyzsh&style=flat)](https://twitter.com/intent/follow?screen_name=ohmyzsh)
[![Discord server](https://img.shields.io/discord/642496866407284746)](https://discord.gg/ohmyzsh)
[![Gitpod ready](https://img.shields.io/badge/Gitpod-ready-blue?logo=gitpod)](https://gitpod.io/#https://github.com/ohmyzsh/ohmyzsh)
[![huntr.dev](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh)
## Getting Started

View file

@ -3,7 +3,8 @@
## Supported Versions
At the moment Oh My Zsh only considers the very latest commit to be supported.
We combine that with our fast response to incidents, so risk is minimized.
We combine that with our fast response to incidents and the automated updates
to minimize the time between vulnerability publication and patch release.
| Version | Supported |
|:-------------- |:------------------ |
@ -14,9 +15,10 @@ In the near future we will introduce versioning, so expect this section to chang
## Reporting a Vulnerability
If you find a vulnerability, email all the maintainers directly at:
**Do not submit an issue or pull request**: this might reveal the vulnerability.
- Robby: robby [at] planetargon.com
- Marc: hello [at] mcornella.com
Instead, you should email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh).
**Do not open an issue or Pull Request directly**, because it might reveal the vulnerability.
We will deal with the vulnerability privately and submit a patch as soon as possible.
You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward.