At the moment Oh My Zsh only considers the very latest commit to be supported.
At the moment Oh My Zsh only considers the very latest commit to be supported.
We combine that with our fast response to incidents, so risk is minimized.
We combine that with our fast response to incidents and the automated updates
to minimize the time between vulnerability publication and patch release.
| Version | Supported |
| Version | Supported |
|:-------------- |:------------------ |
|:-------------- |:------------------ |
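Review bot: The reworded sentence ("...and the automated updates to minimize the time between vulnerability publication and patch release") credits automated updates with shortening the wrong interval. Automated updates shorten the time between a patch being released and it reaching users' installs; the time from publication to patch release depends only on maintainer response. Suggest splitting the two, for example "fast response to incidents minimizes the time to a patch, and automated updates minimize the time until users receive it". Since only the very latest commit is supported, it would also help to state that installs with automatic updates disabled need to update manually to stay supported.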
...
@@ -14,9 +15,10 @@ In the near future we will introduce versioning, so expect this section to chang
...
@@ -14,9 +15,10 @@ In the near future we will introduce versioning, so expect this section to chang
## Reporting a Vulnerability
## Reporting a Vulnerability
If you find a vulnerability, email all the maintainers directly at:
**Do not submit an issue or pull request**: this might reveal the vulnerability.
- Robby: robby [at] planetargon.com
Instead, you should email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh).
- Marc: hello [at] mcornella.com
**Do not open an issue or Pull Request directly**, because it might reveal the vulnerability.
We will deal with the vulnerability privately and submit a patch as soon as possible.
You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward.
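Review bot: The huntr.dev link in the last added line carries campaign tracking parameters (`utm_campaign`, `utm_medium=social`, `utm_source=github`) that a security policy does not need; suggest keeping only the `target=` parameter. The same line introduces a third-party reporting channel without saying whether reports filed there stay private until a patch ships, which the preceding "We will deal with the vulnerability privately" sentence promises only for the email route. One sentence saying so would remove the ambiguity. The new section also repeats nothing from the removed maintainer list, so a reporter has no fallback contact if `security@ohmyz.sh` bounces; consider noting one.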