diff options
| -rw-r--r-- | README.md | 1 | ||||
| -rw-r--r-- | SECURITY.md | 12 |
2 files changed, 8 insertions, 5 deletions
@@ -16,6 +16,7 @@ To learn more, visit [ohmyz.sh](https://ohmyz.sh), follow [@ohmyzsh](https://twi [](https://twitter.com/intent/follow?screen_name=ohmyzsh) [](https://discord.gg/ohmyzsh) [](https://gitpod.io/#https://github.com/ohmyzsh/ohmyzsh) +[](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) ## Getting Started diff --git a/SECURITY.md b/SECURITY.md index cda53379f..7e5c8eed0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,7 +3,8 @@ ## Supported Versions At the moment Oh My Zsh only considers the very latest commit to be supported. -We combine that with our fast response to incidents, so risk is minimized. +We combine that with our fast response to incidents and the automated updates +to minimize the time between vulnerability publication and patch release. | Version | Supported | |:-------------- |:------------------ | @@ -14,9 +15,10 @@ In the near future we will introduce versioning, so expect this section to chang ## Reporting a Vulnerability -If you find a vulnerability, email all the maintainers directly at: +**Do not submit an issue or pull request**: this might reveal the vulnerability. -- Robby: robby [at] planetargon.com -- Marc: hello [at] mcornella.com +Instead, you should email the maintainers directly at: [**security@ohmyz.sh**](mailto:security@ohmyz.sh). -**Do not open an issue or Pull Request directly**, because it might reveal the vulnerability. +We will deal with the vulnerability privately and submit a patch as soon as possible. + +You can also submit your vulnerability report to [huntr.dev](https://huntr.dev/bounties/disclose/?utm_campaign=ohmyzsh%2Fohmyzsh&utm_medium=social&utm_source=github&target=https%3A%2F%2Fgithub.com%2Fohmyzsh%2Fohmyzsh) and see if you can get a bounty reward. |