Posted to commits@mina.apache.org by tw...@apache.org on 2022/10/11 06:22:35 UTC

[mina-sshd] branch master updated: Add info about reporting security vulnerabilities

This is an automated email from the ASF dual-hosted git repository.

twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git


The following commit(s) were added to refs/heads/master by this push:
     new c2eb4cca0 Add info about reporting security vulnerabilities
c2eb4cca0 is described below

commit c2eb4cca01b59af47349a08f6ca19b032cec44bc
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sun Oct 9 15:15:42 2022 +0200

    Add info about reporting security vulnerabilities
    
    Point to [1], which describes how to report security vulnerabilities
    for Apache projects.
    
    Add a SECURITY.md intended for humans, and an RFC 9116-style
    security.txt intended for automated tools.
    
    [1] https://www.apache.org/security/
---
 SECURITY.md  |  5 +++++
 security.txt | 24 ++++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..6a6acf585
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security
+
+If you suspect you have found a security vulnerability in [Apache MINA sshd](./README.md) code, please read the [ASF Security Policy](https://www.apache.org/security/)
+for how to report the issue. Please do not report the details publicly until the report is reviewed and a fixed version has been published.
+More details are in the description of the [ASF Security Vulnerability Process](https://www.apache.org/security/committers.html).
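Review bot: The sentence asking reporters not to "report the details publicly" does not say which channels count as public, so a reader who skips the linked policy may still open a public issue. Consider naming them in that sentence, such as issue trackers, pull requests and mailing lists. The file also leaves the private contact address entirely to the linked page; the security.txt added in the same commit at least hints at it in a comment, and a similar hint here would save reporters a step.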
diff --git a/security.txt b/security.txt
new file mode 100644
index 000000000..9e4bc1ef9
--- /dev/null
+++ b/security.txt
@@ -0,0 +1,24 @@
+# RFC 9116 format specifications for security contacts for Apache MINA sshd
+
+# Contact e-mail is listed on this web page. It's "security" with the Apache domain.
+Contact: https://www.apache.org/security/
+
+# The ASF policy page on dealing with security vulnerabilities
+Policy: https://www.apache.org/security/
+
+# A more detailed description of the whole process
+Policy: https://www.apache.org/security/committers.html
+
+# The canonical locations of this file
+Canonical: https://gitbox.apache.org/repos/asf?p=mina-sshd.git;a=blob_plain;f=security.txt;hb=HEAD
+Canonical: https://github.com/apache/mina-sshd/blob/master/security.txt
+Canonical: https://raw.githubusercontent.com/apache/mina-sshd/master/security.txt
+
+# OpenPGP keys
+Encryption: https://www.apache.org/security/KEYS.txt
+
+# Please use English
+Preferred-Languages: en
+
+# No expiration. All data is maintained and updated at the apache.org web site. RFC 9116 mandates this field, though.
+Expires: 2999-12-31T23:59:59Z
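Review bot: The Expires value of 2999-12-31T23:59:59Z on the last line defeats the purpose of the field. RFC 9116 recommends a value less than a year in the future so that consumers can detect stale files, and tools that check this may flag or ignore the file. Since the comment says the data lives on the apache.org site, a date that is bumped at each release would satisfy the RFC without much upkeep. Separately, the second Canonical line points at the github.com/.../blob/... view, which serves an HTML page rather than the text file itself; the raw.githubusercontent.com line below it already covers GitHub, so the blob entry could be dropped.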