From 249c6d3b3f1fa6634fae80f7d4a738a0e08806b7 Mon Sep 17 00:00:00 2001 From: Michael O'Toole Date: Fri, 4 Feb 2022 12:12:27 +0000 Subject: [PATCH 1/4] Update security policy and re-add sponsors link. --- .github/FUNDING.yml | 3 +++ SECURITY.md | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 .github/FUNDING.yml create mode 100644 SECURITY.md diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 000000000000..1f0eae411b06 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,3 @@ +# These are supported funding model platforms + +github: [kelvintegelaar] \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000000..2ae8da5032d8 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,19 @@ +# Security Policy + +## Supported Versions + +The current [release](https://github.com/KelvinTegelaar/CIPP/releases) is the only "supported version" and should not have any security bugs. However if you find a security issue in an older release feel free to also report this in case of regression, We'd rather know we made a mistake at one point in time and avoid that in the future. + +## Reporting a Vulnerability + +Reporting a vulnerability is best done by emailing [security@cyberdrain.com](mailto:security@cyberdrain.com?subject=CIPP Security Issue) but you can also message an admin on the CyberDrain Discord. All relevant contributors will be alerted and can discuss the issue in private and address it if appropriate. It will help in making the fix available as soon as possible without endangering other users of the product. + +We will publicly release any security report after the resolution, including all communications. If you would rather have only the bug report public, please let us know in the report. + +## Notifications and security advisories + +We report any security notification via the GitHub notification and advisory system. Sponsors that are hosted will also receive a notification in case a major bug has been found. + +## Bounties and Rewards + +This project is an open-source sponsorware effort, which makes it hard to create a monetary reward without breaking the bank very quickly. for *critical* level bugs, that cause RCE/API data leaks/etc I will award a 50 dollar reward. For other bugs, I potentially am able to reward with some swag such as an official CyberDrain T-shirt or hoodie :) From 529d6f64e9044978c32157b04cf7321710845528 Mon Sep 17 00:00:00 2001 From: Michael O'Toole Date: Fri, 4 Feb 2022 12:13:12 +0000 Subject: [PATCH 2/4] Fix SCSS linting. --- src/scss/_custom.scss | 1 + 1 file changed, 1 insertion(+) diff --git a/src/scss/_custom.scss b/src/scss/_custom.scss index d7c365bbb661..dd46f9aa0c38 100644 
--- a/src/scss/_custom.scss +++ b/src/scss/_custom.scss @@ -349,6 +349,7 @@ p { margin-bottom: 0; } + img { max-height: 2rem; } From 17d3572e57e6312ba1ef55e158319cb2e406e8b6 Mon Sep 17 00:00:00 2001 From: Michael O'Toole Date: Fri, 4 Feb 2022 12:17:02 +0000 Subject: [PATCH 3/4] Update text. --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 2ae8da5032d8..16e603316fb0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ The current [release](https://github.com/KelvinTegelaar/CIPP/releases) is the on ## Reporting a Vulnerability -Reporting a vulnerability is best done by emailing [security@cyberdrain.com](mailto:security@cyberdrain.com?subject=CIPP Security Issue) but you can also message an admin on the CyberDrain Discord. All relevant contributors will be alerted and can discuss the issue in private and address it if appropriate. It will help in making the fix available as soon as possible without endangering other users of the product. +Reporting a vulnerability is best done by emailing [security@cyberdrain.com](mailto:security@cyberdrain.com?subject=CIPP Security Issue) but you can also message an admin directly on the CyberDrain Discord. All relevant contributors will be alerted and can discuss the issue in private and address it if appropriate. It will help in making the fix available as soon as possible without endangering other users of the product. We will publicly release any security report after the resolution, including all communications. If you would rather have only the bug report public, please let us know in the report. From e5029e8ef528fe30f0e71461dd85b92ecfc48c4d Mon Sep 17 00:00:00 2001 From: Michael O'Toole Date: Fri, 4 Feb 2022 12:18:36 +0000 Subject: [PATCH 4/4] Fix funding.yml formatting. --- .github/FUNDING.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index d008b8cd344e..33cbb4b78adb 100644 --- a/.github/FUNDING.yml 
+++ b/.github/FUNDING.yml @@ -1,3 +1,4 @@ +--- # These are supported funding model platforms github: [kelvintegelaar]
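Review bot: the `.github/FUNDING.yml` hunk in PATCH 1/4 creates the file without a trailing newline (`\ No newline at end of file` after `github: [kelvintegelaar]`). Add the newline in this commit so the file is created lint-clean, and put the `---` document marker that PATCH 4/4 later prepends here as well, rather than spreading one formatting fix over two commits.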
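Review bot: in the SECURITY.md hunk of PATCH 1/4 the link target `mailto:security@cyberdrain.com?subject=CIPP Security Issue` contains unencoded spaces; most Markdown renderers end the URL at the first space, so the subject will be dropped. Use `?subject=CIPP%20Security%20Issue`. Two wording points in the same hunk: "in case of regression, We'd rather know" is a comma splice with a stray capital (split it into two sentences), and "for *critical* level bugs" starts a sentence in lowercase. "should not have any security bugs" is a stronger claim than a supported-version statement needs; "is the only version that receives security fixes" says what is meant. The "Reporting a Vulnerability" section also gives no acknowledgement time or disclosure window; one sentence on when a reporter can expect a reply would set expectations for coordinated disclosure.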
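Review bot: the `src/scss/_custom.scss` hunk in PATCH 2/4 only inserts a blank line between the closing `}` of the `p` rule and `img {`. That is consistent with the stated lint fix, but the commit title "Fix SCSS linting." should name the rule that fired so the next reader knows why the blank line is required and does not remove it.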
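Review bot: the SECURITY.md hunk in PATCH 3/4 rewrites the whole "Reporting a vulnerability" line just to add "directly"; since the line is being touched anyway, fix the unencoded spaces in the mailto subject (`CIPP%20Security%20Issue`) and split the sentence at "but you can also" in the same change instead of leaving both for another pass.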
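Review bot: the `.github/FUNDING.yml` hunk in PATCH 4/4 applies on top of blob `d008b8cd344e`, but PATCH 1/4 created the file as blob `1f0eae411b06`, and the PATCH 4/4 context line `github: [kelvintegelaar]` no longer carries the `\ No newline at end of file` marker while the stat shows only one insertion. So a change to this file (at least the trailing newline) sits between the two commits and is not in this series; the series will not apply cleanly with `git am`. Either include that commit or squash PATCH 1/4 and 4/4 into one commit that creates the file with both the `---` marker and the trailing newline.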