Skip to content

Commit

Permalink
chore: update security docs and link to huntr.dev
Browse files Browse the repository at this point in the history
  • Loading branch information
@mcornella
mcornella committed Dec 7, 2021
1 parent 841f3cb commit 29b344a
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 5 deletions.
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ To learn more, visit [ohmyz.sh](https://ohmyz.sh), follow [@ohmyzsh](https://twi
[![Follow @ohmyzsh](https://img.shields.io/twitter/follow/ohmyzsh?label=Follow+@ohmyzsh&style=flat)](https://twitter.com/intent/follow?screen_name=ohmyzsh)
[![Discord server](https://img.shields.io/discord/642496866407284746)](https://discord.gg/ohmyzsh)
[![Gitpod ready](https://img.shields.io/badge/Gitpod-ready-blue?logo=gitpod)](https://gitpod.io/#https://github.com/ohmyzsh/ohmyzsh)
[![huntr.dev](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh)

## Getting Started

Expand Down
12 changes: 7 additions & 5 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,8 @@
## Supported Versions

At the moment Oh My Zsh only considers the very latest commit to be supported.
We combine that with our fast response to incidents, so risk is minimized.
We combine that with our fast response to incidents and the automated updates
to minimize the time between vulnerability publication and patch release.

| Version | Supported |
|:-------------- |:------------------ |
Expand All @@ -14,9 +15,10 @@ In the near future we will introduce versioning, so expect this section to chang

## Reporting a Vulnerability

If you find a vulnerability, email all the maintainers directly at:
**Do not submit an issue or pull request**: this might reveal the vulnerability.

- Robby: robby [at] planetargon.com
- Marc: hello [at] mcornella.com
Instead, you should email the maintainers directly at: [**[email protected]**](mailto:[email protected]).

**Do not open an issue or Pull Request directly**, because it might reveal the vulnerability.
We will deal with the vulnerability privately and submit a patch as soon as possible.

You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward.

0 comments on commit 29b344a

Please sign in to comment.