diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-09 17:38:42 -0700 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-09 17:38:42 -0700 |
| commit | ddd381c9a51b3408cf303283c466c7f70baf7e6a (patch) | |
| tree | 1097032b63e58a089873c1ed6745179ab543f62b /doc/release | |
| parent | 2a76c7fd8a94f40575ac16f42c29ec55c38bad0a (diff) | |
| download | gitlab-ce-ddd381c9a51b3408cf303283c466c7f70baf7e6a.tar.gz | |
Add criteria for requesting CVE
Diffstat (limited to 'doc/release')
| -rw-r--r-- | doc/release/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/release/security.md b/doc/release/security.md index b67e0f37a04..1575fcf2708 100644 --- a/doc/release/security.md +++ b/doc/release/security.md @@ -22,7 +22,7 @@ Please report suspected security vulnerabilities in private to <support@gitlab.c 1. Merge and publish the blog posts 1. Send tweets about the release from `@gitlabhq` 1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq) -1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number +1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number. CVE is only needed for bugs that allow someone to own the server (Remote Code Execution) or access to code of projects they are not a member of. 1. Add the security researcher to the [Security Researcher Acknowledgments list](http://about.gitlab.com/vulnerability-acknowledgements/) 1. Thank the security researcher in an email for their cooperation 1. Update the blog post and the CHANGELOG when we receive the CVE number |