Document how to raise security issues

Update contributing documentation and the issue template with
instructions on how to report security vulnerabilities.

Closes gh-12509
pull/13438/head
Phillip Webb 7 years ago
parent 37646517cf
commit 2fa057a06c

@ -1,20 +1,20 @@
<!--
Thanks for raising a Spring Boot issue. What sort of issue are you raising?
Question
❓Question
Please ask questions about how to use something, or to understand why something isn't
working as you expect it to, on Stack Overflow using the spring-boot tag.
Bug report
🐞 Bug report
Please provide details of the problem, including the version of Spring Boot that you
are using. If possible, please provide a test case or sample application that reproduces
the problem. This makes it much easier for us to diagnose the problem and to verify that
we have fixed it.
Enhancement
🚨 Security Vulnerability
STOP!! Please don't raise security vulnerabilities here. Head over to https://pivotal.io/security to learn how to disclose them responsibly.
🎁 Enhancement
Please start by describing the problem that you are trying to solve. There may already
be a solution, or there may be a way to solve it that you hadn't considered.
-->
-->

@ -25,6 +25,14 @@ problem.
== Reporting Security Vulnerabilities
If you think you have found a security vulnerability in Spring Boot please *DO NOT*
disclose it publicly until we've had a chance to fix it. Please don't report security
vulnerabilities using GitHub issues, instead head over to https://pivotal.io/security and
learn how to disclose them responsibly.
== Sign the Contributor License Agreement
Before we accept a non-trivial patch or pull request we will need you to
https://cla.pivotal.io/sign/spring[sign the Contributor License Agreement].

Loading…
Cancel
Save