From 38e2a800df1fabf5ab69db4516deb6d354a4317a Mon Sep 17 00:00:00 2001
From: Daniel Beck
Date: Wed, 10 Aug 2022 10:46:50 +0200
Subject: [PATCH 1/4] Add security.txt file

---
 content/.well-known/security.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 content/.well-known/security.txt

diff --git a/content/.well-known/security.txt b/content/.well-known/security.txt
new file mode 100644
index 000000000000..bd7f4399069a
--- /dev/null
+++ b/content/.well-known/security.txt
@@ -0,0 +1,13 @@
+# These web pages have always up to date information how to report issues:
+Contact: https://www.jenkins.io/security/reporting/
+Contact: https://www.jenkins.io/security/#reporting-vulnerabilities
+
+# We also accept emails sent to this address:
+Contact: mailto:jenkinsci-cert@googlegroups.com
+
+# While team members speaks other languages, this is the language common to all
+Preferred-Languages: en
+
+Expires: 2023-01-01T00:00:00.000Z
+Canonical: https://www.jenkins.io/.well-known/security.txt
+Policy: https://www.jenkins.io/security/reporting/
From 374a7457b8c18fbad571a9c08a6933982520be0a Mon Sep 17 00:00:00 2001
From: Daniel Beck
Date: Wed, 10 Aug 2022 11:09:19 +0200
Subject: [PATCH 2/4] Add workaround for Awestruct ignoring . prefixed directories

---
 content/_ext/pipeline.rb | 1 +
 content/_ext/well_known.rb | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 content/_ext/well_known.rb

diff --git a/content/_ext/pipeline.rb b/content/_ext/pipeline.rb
index d84b4aeeb53a..c1123f8a73d9 100644
--- a/content/_ext/pipeline.rb
+++ b/content/_ext/pipeline.rb
@@ -39,6 +39,7 @@ extension Awestruct::IBeams::DataDir.new extension SolutionPage.new + extension WellKnown.new extension Releases.new extension UpgradeGuide.new
diff --git a/content/_ext/well_known.rb b/content/_ext/well_known.rb
new file mode 100644
index 000000000000..24f308e491d4
--- /dev/null
+++ b/content/_ext/well_known.rb
@@ -0,0 +1,11 @@
+require 'awestruct/page'
+
+# Workaround for . prefixed directories being ignored
+class WellKnown
+ def execute(site)
+ # TODO Make more generic, iterate over all files in the directory
+ page = site.engine.load_page("#{site.dir}/.well-known/security.txt")
+ page.output_path = "/.well-known/security.txt"
+ site.pages << page
+ end
+end
From d436a7adf6389148f556f813f607b6888f947d59 Mon Sep 17 00:00:00 2001
From: Daniel Beck <1831569+daniel-beck@users.noreply.github.com>
Date: Wed, 4 Dec 2024 09:36:57 +0100
Subject: [PATCH 3/4] Apply suggestions from code review

Co-authored-by: Meg McRoberts
---
 content/.well-known/security.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/content/.well-known/security.txt b/content/.well-known/security.txt
index bd7f4399069a..68566f7f3c46 100644
--- a/content/.well-known/security.txt
+++ b/content/.well-known/security.txt
@@ -1,11 +1,11 @@
-# These web pages have always up to date information how to report issues:
+# The following web pages always contain current information about how to report issues:
 Contact: https://www.jenkins.io/security/reporting/
 Contact: https://www.jenkins.io/security/#reporting-vulnerabilities
 
 # We also accept emails sent to this address:
 Contact: mailto:jenkinsci-cert@googlegroups.com
 
-# While team members speaks other languages, this is the language common to all
+# While team members speak other languages, this is the language common to all
 Preferred-Languages: en
 
 Expires: 2023-01-01T00:00:00.000Z
From 43fb6fbad4c6f7800f49872a200f4fd40f4a88a4 Mon Sep 17 00:00:00 2001
From: Daniel Beck <1831569+daniel-beck@users.noreply.github.com>
Date: Wed, 4 Dec 2024 09:58:46 +0100
Subject: [PATCH 4/4] Update Expires

---
 content/.well-known/security.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/.well-known/security.txt b/content/.well-known/security.txt
index 68566f7f3c46..b0c1da486381 100644
--- a/content/.well-known/security.txt
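Review bot: In `content/_ext/well_known.rb`, `WellKnown#execute` loads one hard-coded path with no check that the file exists, so what happens when `content/.well-known/security.txt` is renamed or removed depends on `load_page`, which this hunk does not show; the site could then build without publishing its vulnerability-reporting contact. Setting `path = File.join(site.dir, '.well-known', 'security.txt')` and adding `raise "missing #{path}" unless File.file?(path)` before the load would turn that case into a build failure. It is also worth confirming in the generated output that Awestruct emits the page verbatim, with no layout or interpolation applied, because the file has to be served as plain text and any later signature would depend on its exact bytes. The literal `/.well-known/security.txt` appears twice and could be one constant, and `execute` would benefit from a comment such as `# Registers content/.well-known/security.txt as a page, because Awestruct skips dot-prefixed directories.`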
+++ b/content/.well-known/security.txt
@@ -8,6 +8,6 @@ Contact: mailto:jenkinsci-cert@googlegroups.com
 # While team members speak other languages, this is the language common to all
 Preferred-Languages: en
 
-Expires: 2023-01-01T00:00:00.000Z
+Expires: 2026-01-01T00:00:00.000Z
 Canonical: https://www.jenkins.io/.well-known/security.txt
 Policy: https://www.jenkins.io/security/reporting/
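Review bot: The new `Expires: 2026-01-01T00:00:00.000Z` lies roughly thirteen months after this commit's date (4 Dec 2024), whereas RFC 9116 recommends a value less than a year in the future, and the field remains a hand-edited literal. The value it replaces, 2023-01-01, had already passed when this update was written, which shows how easily the date goes stale; a security.txt past its `Expires` is to be treated as stale by consumers, so reporters may stop trusting the contact details. A date within twelve months would fit the recommendation, for example `Expires: 2025-12-01T00:00:00.000Z` (a constructed sample). A build or CI check that fails once the date is in the past, or within some margin of it, would keep the file from expiring unnoticed.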