Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Link to security policy from blog post is 404ing #5601

Closed
u269c opened this issue Aug 2, 2023 · 11 comments
Closed

Link to security policy from blog post is 404ing #5601

u269c opened this issue Aug 2, 2023 · 11 comments

Comments

@u269c
Copy link

u269c commented Aug 2, 2023

URL:

https://nodejs.org/en/blog/vulnerability/august-2023-security-releases

Browser Name:

Arc

Browser Version:

1.1.1

Operating System:

Mac OS Ventura 13.4.1

How to reproduce the issue:

The Node.js blogpost about the upcoming security release (authored by Rafael Gonzaga)

The bottom link to the security policy is 404-ing, you probably want https://nodejs.org/en/docs/guides/security or straight up to the GH security.md?

I have not verified other blog posts.

@u269c u269c added the bug label Aug 2, 2023
@bmuenzenmeyer
Copy link
Collaborator

I have not verified other blog posts.

I used archive.org to see what the previous content looks like

https://web.archive.org/web/20210424084328/https://nodejs.org/en/security/

It seems to match what is in https://github.com/nodejs/node/blob/main/SECURITY.md - but some of the previous blog posts have the same output.

So to me the resolution is introducing a new redirect for the same similar to this one 9f67d43#diff-d9eafd123ac764afabc33ffcd1ee502a081b3342ee5f739f0fb9ef8e8d1764c1R26-R30.

@ovflowd
Copy link
Member

ovflowd commented Aug 2, 2023

Well we do have a https://nodejs.org/en/docs/guides/security which I have no idea how outdated it is.

But yes, I would rather update the blogpost to redirect to /en/about/secuity (https://github.com/nodejs/nodejs.org/blob/main/next.rewrites.mjs#L61-L64) which in the end goes to https://github.com/nodejs/node/blob/HEAD/SECURITY.md#security

@ovflowd
Copy link
Member

ovflowd commented Aug 2, 2023

cc @nodejs/security @RafaelGSS

@RafaelGSS
Copy link
Member

Yes, there are two distinct routes:

  • /guides/security/ - Node.js Security Best Practices
  • /security/ - This should point to the SECURITY.md

For the second one I believe we should add a redirect to the github/nodejs/node/SECURITY.md.

@ovflowd
Copy link
Member

ovflowd commented Aug 2, 2023

I'm not familiar with the /security route. @RafaelGSS from where did you getting the reference of this route?

I believe the route you want is /en/about/security or just /about/security which should go to the README.md#security

@RafaelGSS
Copy link
Member

@ovflowd See https://web.archive.org/web/20220624004851/https://nodejs.org/en/security/.

It redirects to nodejs/node/SECURITY.md. We should keep this behavior.

@sohan2410
Copy link
Contributor

Can I work on this🤞?

@ljharb
Copy link
Member

ljharb commented Aug 3, 2023

For the security policy, don’t redirect to the file - instead, redirect to https://github.com/nodejs/node/security/policy

@targos
Copy link
Member

targos commented Aug 3, 2023

We can discuss about changing the blog post template(s), but the website is supposed to have a redirect: https://github.com/nodejs/build/blob/f7e0f90a55b0c866041668e4285a16274f1e36f7/ansible/www-standalone/resources/config/nodejs.org?plain=1#L344

@ovflowd
Copy link
Member

ovflowd commented Aug 3, 2023

I was just about to say what @targos mentioned. I guess I forgot about this one. Or intentionally removed it.

I'm going to re-add it.

--

Nope @sohan2410 sorry, this is kinda priority so I wanted to apply a hot and clean fix. Thanks anyways!

@ovflowd
Copy link
Member

ovflowd commented Aug 4, 2023

FYI I've made a hot-fix already, https://nodejs.org/en/security or /security or /any-supported-language/security redirects now to the correct endpoint.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants