[theia-dev] Clarification about Reporting Security Vulnerabilities
  • From: Marc Dumais <marc.dumais@xxxxxxxxxxxx>
  • Date: Mon, 2 Aug 2021 17:03:38 +0000

Hi committers,

In order to make it clearer how vulnerabilities should be handled in our project, we have added a security policy (SECURITY.md) in our main repo.

TL;DR: new potential vulnerabilities should be reported directly to the Eclipse Security Team, rather than through a GitHub issue, PR or discussion. This ensures that any potential vulnerability can be assessed and, if required, addressed, and then can be disclosed, in an orderly manner.

The issue and PR templates have been updated to make that clear. See the following PR for details:


Thanks,
Marc
